PDA

View Full Version : Yes I got hacked again


Tim Wilson
02-01-2009, 05:19 PM
My website was hacked again .....GEEEZ
And I fixed it again but it took half a day because my host got things all balled up trying to help me. I thought their security would protect me but I guess not.

Kiril, do you know how to Iron Clad my site?

treegal1
02-01-2009, 06:34 PM
fire and re hire your web guy,,,,,,,,,,

Tim Wilson
02-01-2009, 08:37 PM
Trouble is...I'm the web guy.

treegal1
02-01-2009, 08:47 PM
Trouble is...I'm the web guy.

oh that's the hardest to do then, I will ask about some help first thing, I got a guy that helps me and can ask if he has something sure fire, so far he has got a good track record...

Kiril
02-01-2009, 11:46 PM
Kiril, do you know how to Iron Clad my site?

I'm not a security expert, but I have coded scripts to secure websites.
Are you running your own server? If not, are you certain your site is the security hole?

hunter
02-02-2009, 01:12 AM
are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.


<?
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>

Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.

Kiril
02-02-2009, 01:35 AM
are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.


<?
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>

Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.

The above only applies to a Linux server. Beyond that, you should set your file permissions (i.e. index.html for Tim) to 444 or 644 if you want to prevent unauthorized writing to the file. 444 permissions are the best for straight html files, but it will require you to change the permissions before you can modify the file. If the file(s) don't change that much, use the 444 permissions. It is also possible to set tighter restrictions on your directories, but the safe setting which will allow just about anything is 755.

This of course does nothing if the hacker has access to the server, especially if it is a shared server. Fact of the matter is, if he is on a shared server his site may not even be the hole at all. I've seen some of the hacking programs used when I was developing my security script ... and they are serious insidious.

hunter
02-02-2009, 02:29 AM
Yes this is for a Linux server, was not thinking about a windows server since I never use one.

Also look for a file called htt and m.php. These are other access files they add to your server.

Tim Wilson
02-05-2009, 01:25 PM
Sorry, I was away for 3 days. Thanks for the advice. I'm on a shared server and did not know I had to change the ftp password along with the access password. That is now done.

There were no antivirus 2009 files on my computer. All I can do now is hope it does not repeat.

DUSTYCEDAR
02-05-2009, 03:11 PM
you need a bigger lock on you gate tim