Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 6 of 6

This is a discussion on Site hacked? in the Shared & Semi-Dedicated forum
My client just called because she was having problem uploading files on her site. After doing some tests, I notices that in most of the ...

  1. 10-26-2006, 04:27 PM #1
    Isengard
    Isengard is offline
    JPC Member Isengard's Avatar
    Join Date
    Mar 2003
    Location
    Montreal, QC, Canada
    Posts
    17

    Site hacked?

    My client just called because she was having problem uploading files on her site. After doing some tests, I notices that in most of the dir on the server, there was php and htaccess scripts that were not supposed to ne there! I guess I was hacked by some lamer... What can I do to prevent this??? The admin pages are protected by a password with htaccess and htpasswd files, are those that easy to go through??

    What do you guys advise to prevent this kind of attack?

    Regards

    Isengard
    Reply With Quote Reply With Quote
  2. 10-26-2006, 04:41 PM #2
    Vin DSL
    Vin DSL is offline
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Go through your server log[s] line-by-line, see how the perps got in, and what they did -- then harden the site against further attack...
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
    Reply With Quote Reply With Quote
  3. 10-26-2006, 04:49 PM #3
    Isengard
    Isengard is offline
    JPC Member Isengard's Avatar
    Join Date
    Mar 2003
    Location
    Montreal, QC, Canada
    Posts
    17
    Don't you need to have access to an input field for sql injection?? If so, it means that they got access to the secure part of the site first cause there is no input fields of any kind on the public site... Am I right?
    Reply With Quote Reply With Quote
  4. 10-26-2006, 04:55 PM #4
    Vin DSL
    Vin DSL is offline
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Ygpm...
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
    Reply With Quote Reply With Quote
  5. 10-27-2006, 07:42 AM #5
    jason
    jason is offline
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    Most likly, whatever piece of software you were running was out of date and someone got through vian an exploit in the code. This is pretty common in shared hosting because so many people run the same apps (like forums, blogs, CMSes, and whatnot) and they don't always keep them upgraded. As soon as a bug is discovered in a piece of software, your site becomes fair game for the script kiddies.

    I'd recommend checking all of the sites for the software you use regularly so that you can update things as needed. Most projects have notification lists you can sign up on to be notified of important news, like updates and patches. I recommend subscribing to these, but DON't reply on them to alrert you to everything. You should still check the site yourself on a somewhat regular basis.

    And, to answer your question, no, you don't need a form for someone to "get in." It is trivial to send data to a web script without using a form, and the receiving script really has no way to know if the data sent came from a legit form or from someone trying to do something malicious by another means.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com
    Reply With Quote Reply With Quote
  6. 10-27-2006, 12:37 PM #6
    Vin DSL
    Vin DSL is offline
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Quote Originally Posted by jason View Post
    And, to answer your question, no, you don't need a form for someone to "get in." It is trivial to send data to a web script without using a form...
    This has been pointed out to him...
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules