Yes I got hacked again

[Tim Wilson]

My website was hacked again .....GEEEZ
And I fixed it again but it took half a day because my host got things all balled up trying to help me. I thought their security would protect me but I guess not.

Kiril, do you know how to Iron Clad my site?

[treegal1]

fire and re hire your web guy,,,,,,,,,,

[Tim Wilson]

Trouble is...I'm the web guy.

[treegal1]

Quote:

Originally Posted by Tim Wilson

Trouble is...I'm the web guy.

oh that's the hardest to do then, I will ask about some help first thing, I got a guy that helps me and can ask if he has something sure fire, so far he has got a good track record...

[Kiril]

Quote:

Originally Posted by Tim Wilson

Kiril, do you know how to Iron Clad my site?

I'm not a security expert, but I have coded scripts to secure websites.
Are you running your own server? If not, are you certain your site is the security hole?

[hunter]

are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.

Code:

<? 
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>

Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.

[Kiril]

Quote:

Originally Posted by hunter

are they changing your htaccess file. Currently this is the new hot way of getting into your site was by downloading the fake antivirus2009 program that may have popped up on your browser one day. And when it runs it steals you ftp passwords and logins. Look for a file called av2009.exe on your system and remove it. Then of course change all your ftp passwords. Make sure all your directories permissions are not set to 0777 but to 0755. To find out what files my be set to 0777 run this script. Save it as a php page then call it with your browser.

Code:

<? 
$a=`ls -lR //// |grep rwxrwxrwx`;
$a=str_replace("\n", "<br>", $a);
echo $a;
?>

Just change the //// to the path of your website. not the url.

But make sure you look at your htaccess files to make sure they have not added any lines of code. Usually it is at the bottom.

The above only applies to a Linux server. Beyond that, you should set your file permissions (i.e. index.html for Tim) to 444 or 644 if you want to prevent unauthorized writing to the file. 444 permissions are the best for straight html files, but it will require you to change the permissions before you can modify the file. If the file(s) don't change that much, use the 444 permissions. It is also possible to set tighter restrictions on your directories, but the safe setting which will allow just about anything is 755.

This of course does nothing if the hacker has access to the server, especially if it is a shared server. Fact of the matter is, if he is on a shared server his site may not even be the hole at all. I've seen some of the hacking programs used when I was developing my security script ... and they are serious insidious.

[hunter]

Yes this is for a Linux server, was not thinking about a windows server since I never use one.

Also look for a file called htt and m.php. These are other access files they add to your server.

[Tim Wilson]

Sorry, I was away for 3 days. Thanks for the advice. I'm on a shared server and did not know I had to change the ftp password along with the access password. That is now done.

There were no antivirus 2009 files on my computer. All I can do now is hope it does not repeat.

[DUSTYCEDAR]

you need a bigger lock on you gate tim