Register free!
Search
 
     

Click for Weather
Reply
 
Thread Tools Display Modes
  #1  
Old 02-01-2009, 05:19 PM
Tim Wilson Tim Wilson is offline
LawnSite Senior Member
 
Join Date: Jan 2008
Location: British Columbia, Canada
Posts: 797
Yes I got hacked again

My website was hacked again .....GEEEZ
And I fixed it again but it took half a day because my host got things all balled up trying to help me. I thought their security would protect me but I guess not.

Kiril, do you know how to Iron Clad my site?
Reply With Quote
  #2  
Old 02-01-2009, 06:34 PM
treegal1's Avatar
treegal1 treegal1 is offline
LawnSite Platinum Member
 
Join Date: Jan 2008
Location: drifting.......
Posts: 4,021
fire and re hire your web guy,,,,,,,,,,
Reply With Quote
  #3  
Old 02-01-2009, 08:37 PM
Tim Wilson Tim Wilson is offline
LawnSite Senior Member
 
Join Date: Jan 2008
Location: British Columbia, Canada
Posts: 797
Trouble is...I'm the web guy.
Reply With Quote
  #4  
Old 02-01-2009, 08:47 PM
treegal1's Avatar
treegal1 treegal1 is offline
LawnSite Platinum Member
 
Join Date: Jan 2008
Location: drifting.......
Posts: 4,021
Quote:
Originally Posted by Tim Wilson View Post
Trouble is...I'm the web guy.
oh that's the hardest to do then, I will ask about some help first thing, I got a guy that helps me and can ask if he has something sure fire, so far he has got a good track record...
Reply With Quote
  #5  
Old 02-01-2009, 11:46 PM
Kiril Kiril is offline
LawnSite Fanatic
 
Join Date: Jun 2007
Location: District 9 CA
Posts: 18,306
Quote:
Originally Posted by Tim Wilson View Post
Kiril, do you know how to Iron Clad my site?
I'm not a security expert, but I have coded scripts to secure websites.
Are you running your own server? If not, are you certain your site is the security hole?
Reply With Quote
  #6  
Old 02-02-2009, 01:12 AM
hunter's Avatar
hunter hunter is offline
LawnSite Senior Member
 
Join Date: May 2003
Location: Texas
Posts: 254
are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.

Code:
<? 
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>
Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.
__________________
------------------------------------------------------
Quote:
I don't believe too much in looking back. If you've done well, you're too inclined to become smug. If you've done poorly, you're inclined to become discouraged. Keep looking ahead - yesterday's done with - think about today and tomorrow. - George S. May
Reply With Quote
  #7  
Old 02-02-2009, 01:35 AM
Kiril Kiril is offline
LawnSite Fanatic
 
Join Date: Jun 2007
Location: District 9 CA
Posts: 18,306
Quote:
Originally Posted by hunter View Post
are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.

Code:
<? 
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>
Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.
The above only applies to a Linux server. Beyond that, you should set your file permissions (i.e. index.html for Tim) to 444 or 644 if you want to prevent unauthorized writing to the file. 444 permissions are the best for straight html files, but it will require you to change the permissions before you can modify the file. If the file(s) don't change that much, use the 444 permissions. It is also possible to set tighter restrictions on your directories, but the safe setting which will allow just about anything is 755.

This of course does nothing if the hacker has access to the server, especially if it is a shared server. Fact of the matter is, if he is on a shared server his site may not even be the hole at all. I've seen some of the hacking programs used when I was developing my security script ... and they are serious insidious.
Reply With Quote
  #8  
Old 02-02-2009, 02:29 AM
hunter's Avatar
hunter hunter is offline
LawnSite Senior Member
 
Join Date: May 2003
Location: Texas
Posts: 254
Yes this is for a Linux server, was not thinking about a windows server since I never use one.

Also look for a file called htt and m.php. These are other access files they add to your server.
__________________
------------------------------------------------------
Quote:
I don't believe too much in looking back. If you've done well, you're too inclined to become smug. If you've done poorly, you're inclined to become discouraged. Keep looking ahead - yesterday's done with - think about today and tomorrow. - George S. May
Reply With Quote
  #9  
Old 02-05-2009, 01:25 PM
Tim Wilson Tim Wilson is offline
LawnSite Senior Member
 
Join Date: Jan 2008
Location: British Columbia, Canada
Posts: 797
Sorry, I was away for 3 days. Thanks for the advice. I'm on a shared server and did not know I had to change the ftp password along with the access password. That is now done.

There were no antivirus 2009 files on my computer. All I can do now is hope it does not repeat.
Reply With Quote
  #10  
Old 02-05-2009, 03:11 PM
DUSTYCEDAR's Avatar
DUSTYCEDAR DUSTYCEDAR is offline
LawnSite Fanatic
 
Join Date: Jul 2003
Location: PA
Posts: 5,173
you need a bigger lock on you gate tim
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump





Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2012, LawnSite.comô - Moose River Media
All times are GMT -4. The time now is 02:36 AM.

Page generated in 0.10075 seconds with 9 queries