Chief Delphi


TheOtherGuy 13-06-2007 23:16

Website Hacking Problems
 
Our team (1726) has had a website for some time now, and just recently (Sunday) I woke up, checked the website, and it had been hacked. At first it looked like just the index file had been hacked, but after looking around, I realized that several other files had been added or changed in different directories. I've tried deleting all the files I could find that were changed, but every time I reload our index file, it is only several hours before it is changed back. You can see what the hacked page looks like here:

http://www.project1726.org

But PLEASE don't click on any links that may be on there.

I wanted to know if anyone had experience in isolating and removing problems like this? We have continually contacted our hosting service, http://www.globat.com, but even though they delete the changed folders and files, the problem persists.

Any help right now would be extremely appreciated!

Thanks!
-1726 webmaster

Mike 13-06-2007 23:54

Re: Website Hacking Problems
 
Change your password?

EDIT: Appears like it's just some guy looking to throw his name here and there. Nothing serious really, just some e-graffiti. Change your password and he'll take the path of least resistance (some other site).

yodameister 13-06-2007 23:57

Re: Website Hacking Problems
 
Changing the password was the first thing we did. We are also going to look into another hosting site.

Randy 13-06-2007 23:59

Re: Website Hacking Problems
 
Check your raw access logs to see if a scripted page is being exploited.

sanddrag 14-06-2007 00:01

Re: Website Hacking Problems
 
Did you change ALL the passwords related to the account? Are you running any sort of a script or CMS or forum or something with a security hole? But yeah, most likely this would be your host's problem. And if they can't prevent it, you should change hosts.

Mike 14-06-2007 00:03

Re: Website Hacking Problems
 
Quote:

Originally Posted by Randy (Post 631712)
Check your raw access logs to see if a scripted page is being exploited.

Hey, I know you. :)

OP:
Are there any scripts that use ftp? The host should also have a log of who logged into the ftp server and at what time.

yodameister 14-06-2007 00:05

Re: Website Hacking Problems
 
For now we are disabling all forums, blogs, picture uploading capacity, etc. We hope that this will clear up the problem (for now).

sanddrag 14-06-2007 00:06

Re: Website Hacking Problems
 
Quote:

Originally Posted by yodameister (Post 631716)
For now we are disabling all forums, blogs, picture uploading capacity, etc. We hope that this will clear up the problem (for now).

Oh well there you go. I bet you it was one of those scripts that had a security hole. Were they all current/updated?

yodameister 14-06-2007 00:08

Re: Website Hacking Problems
 
Quote:

Originally Posted by sanddrag (Post 631717)
Oh well there you go. I bet you it was one of those scripts that had a security hole. Were they all current/updated?

As far as I know they were, but then I'm not the webmaster.:ahh:

artdutra04 14-06-2007 01:58

Re: Website Hacking Problems
 
Quote:

Originally Posted by yodameister (Post 631716)
For now we are disabling all forums, blogs, picture uploading capacity, etc. We hope that this will clear up the problem (for now).

That won't totally solve the problem, as disabling the photo galleries and forums will only continue to hide the underlying security loophole.

Check your access logs, and see if you can find anything there.

Check the file/folder permissions of the root directory. If they are listed as 777, this is a security problem. Change (chmod) them to 770 or 755. You can create subfolders with a chmod setting of 777, but only do so where your scripts actually need file creation/deletion/alteration permissions. If all you have in a directory is static HTML files that you alter via FTP, lock down the file permissions for that directory.

If users can upload files through a script, make sure the script is doing proper checks of the file to verify the contents. Check PHPbb or your photo gallery websites for any plug-ins that provide extra security in this department.

Check to make sure there aren't any additional user accounts with administrator privileges. If the hacker found his way into your website, he could have also gained access to your Control Panel, where he could have created a back-door FTP user account with a separate username and password.

I'd suspect that there is some sort of backdoor entrance somewhere (perhaps one exploited by a security loophole in your scripts), especially since you said changing passwords didn't solve the problem. Check everything. FTP. Forums. etc.

And last, but not least, make sure your passwords are secure. Don't pick obvious things. Use lots of 'weird' things like l0w3rcaS3 & uPpeRca5e letters, along with 5pEC!aL cHaR|\CT3r5. Make long passwords. Don't ever store your password anywhere except your head.

AustinSchuh 14-06-2007 03:46

Re: Website Hacking Problems
 
Quote:

Originally Posted by artdutra04 (Post 631728)
Don't ever store your password anywhere except your head.

Or in an encrypted file.

Since I make such long and random passwords as you are recommending myself, I can't ever remember all of them. I just remember the one password to an encrypted file where I store all my other passwords, and then copy and paste the other passwords from the file. If you go this route, make sure that you are using a good passphrase for the encrypted file, and you trust the software that is encrypting your data. If anyone gets ahold of the file, your passwords would only be as secure as the password to the file and the encryption scheme.

In case anyone is interested, I use gpg to encrypt my stuff.

artdutra04 14-06-2007 11:05

Re: Website Hacking Problems
 
Quote:

Originally Posted by AustinSchuh (Post 631734)
Since I make such long and random passwords as you are recommending myself, I can't ever remember all of them.

Maybe I'm just weird in the sense that I can remember many long, obscure passwords, just like how I can remember pi is 3.1415626535897932384626433832795028841... :rolleyes:

Pat Fairbank 14-06-2007 11:54

Re: Website Hacking Problems
 
Quote:

Originally Posted by artdutra04 (Post 631746)
Maybe I'm just weird in the sense that I can remember many long, obscure passwords, just like how I can remember pi is 3.1415626535897932384626433832795028841... :rolleyes:

[offtopic] Except that there's an error in your pi. :D [/offtopic]

Gabe 14-06-2007 11:56

Re: Website Hacking Problems
 
Quote:

Originally Posted by artdutra04 (Post 631746)
Maybe I'm just weird in the sense that I can remember many long, obscure passwords, just like how I can remember pi is 3.1415626535897932384626433832795028841... :rolleyes:

3.14159265...

artdutra04 14-06-2007 13:59

Re: Website Hacking Problems
 
Quote:

Originally Posted by Pat Fairbank (Post 631752)
[offtopic] Except that there's an error in your pi. :D [/offtopic]

Oops. 6 and 9 are right next to each other on the numeric keypad, and Firefox doesn't spell check pi. :o

DonRotolo 14-06-2007 18:02

Re: Website Hacking Problems
 
[Offtopic]Jimi Hendrix said "If a six turned into nine, I won't mind", but it appears the nine turned into a six. Wonder what he'd say about that...

Anyway, the PI-O-Neers just love it...[/Offtopic]

I just uploaded a white paper on Password Security, this will help people create (and remember!) very strong passwords for multiple sites. Enjoy.

Don

TheOtherGuy 15-06-2007 02:23

Re: Website Hacking Problems
 
Quote:

Originally Posted by artdutra04 (Post 631728)
Check the file/folder permissions of the root directory. If they are listed as 777, this is a security problem. Change (chmod) them to 770 or 755. You can create subfolders with a chmod setting of 777, but only do so where your scripts actually need file creation/deletion/alteration permissions. If all you have in a directory is static HTML files that you alter via FTP, lock down the file permissions for that directory.

I take it you mean it is very bad if our httpdocs folder is set to 777? I'm sorry I don't know more about this kinda stuff, so thanks for any help you can give us!

[EDIT] I chmod(ed) it to 755

artdutra04 15-06-2007 10:57

Re: Website Hacking Problems
 
Quote:

Originally Posted by TheOtherGuy (Post 631822)
I take it you mean it is very bad if our httpdocs folder is set to 777? I'm sorry I don't know more about this kinda stuff, so thanks for any help you can give us!

[EDIT] I chmod(ed) it to 755

If the root directory of your website is chmod'd to 777, and you are hosting your website on a shared server, it's possible that you could be compromising the security of your website. This could allow changes to be made to the root directory of your website, which is bad. So changing the permissions to 755 for the root directory is a good idea.

Basically, when a folder is chmod'd to 777, it means anyone can read, execute, or write files to that directory. The order of the numbers means [Owner] [Group] [User], each with a value from 0-7. Since we certainly don't want anonymous users being able to write files to the directory, we change the Group and User values to a lower value, which allow them to read and execute, but not write to that directory. Hence, we get a more secure file permissions value of 755.
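
An added example, not part of the original posts: a small audit that decodes the three octal digits (owner, group, and every other account on the server) and lists everything under a web root with the last write bit set. The `httpdocs` sample tree and all function names are constructed for illustration; point `find_world_writable` at your own document root.

```python
import os
import stat

def describe_mode(mode):
    """Split a mode such as 0o755 into rwx strings for owner, group and other."""
    out = {}
    for who, shift in (("owner", 6), ("group", 3), ("other", 0)):
        digit = (stat.S_IMODE(mode) >> shift) & 0o7
        out[who] = "".join(c if digit & bit else "-"
                           for c, bit in (("r", 4), ("w", 2), ("x", 1)))
    return out

def find_world_writable(root):
    """Return sorted (relative path, octal mode) for every directory or file
    under root, root included, whose 'other' write bit is set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful
            if st.st_mode & stat.S_IWOTH:
                rel = os.path.relpath(path, root)
                hits.append((rel, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample: a 755 web root holding a 777 uploads directory
    and a 666 forum config file."""
    root = os.path.join(base, "httpdocs")
    os.makedirs(os.path.join(root, "uploads"))
    os.makedirs(os.path.join(root, "forum"))
    for rel, mode in (("index.html", 0o644), ("forum/config.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    for rel, mode in ((".", 0o755), ("forum", 0o755), ("uploads", 0o777)):
        os.chmod(os.path.join(root, rel), mode)
    return root
```

Every path the audit returns should either be a directory a script genuinely needs to write into or be tightened to 755 (directories) or 644 (files).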

GRaduns340 15-06-2007 10:58

Re: Website Hacking Problems
 
I didn't actually see what your problem was, but our site was recently hacked as well. It's been running on a CMS for ease of transfer to the next webmaster, so at first I assumed that either that or the forum was the loophole and that I would go about trying to find that. I later discovered, after talking with our private host, that it was a root access hack, and that all sites on the server had been hacked through the server's root user. We got hit pretty hard, as ALL web-based files (PHP, HTML, HTM...) were overwritten by copies that contained a meta refresh, redirecting our site to some foreign forum. I still can't delete some of them because of ownership and permission changes that were also made, but if that's what you're dealing with, you'll have to go through your host if you actually want to correct it.

TheOtherGuy 15-06-2007 11:29

Re: Website Hacking Problems
 
Quote:

Originally Posted by artdutra04 (Post 631847)
If the root directory of your website is chmod'd to 777, and you are hosting your website on a shared server, it's possible that you could be compromising the security of your website. This could allow changes to be made to the root directory of your website, which is bad. So changing the permissions to 755 for the root directory is a good idea.

Basically, when a folder is chmod'd to 777, it means anyone can read, execute, or write files to that directory. The order of the numbers means [Owner] [Group] [User], each with a value from 0-7. Since we certainly don't want anonymous users being able to write files to the directory, we change the Group and User values to a lower value, which allow them to read and execute, but not write to that directory. Hence, we get a more secure file permissions value of 755.

Ok, thanks! I'm pretty sure the folder was set to 755 before the hacking started, so they probably got in through a security loophole in one of the older forums (I made several because I was new to this stuff)

Now we just have to wait and see if it gets hacked again....

artdutra04 15-06-2007 11:40

Re: Website Hacking Problems
 
Quote:

Originally Posted by GRaduns340 (Post 631848)
I didn't actually see what your problem was, but our site was recently hacked as well. It's been running on a CMS for ease of transfer to the next webmaster, so at first I assumed that either that or the forum was the loophole and that I would go about trying to find that. I later discovered, after talking with our private host, that it was a root access hack, and that all sites on the server had been hacked through the server's root user. We got hit pretty hard, as ALL web-based files (PHP, HTML, HTM...) were overwritten by copies that contained a meta refresh, redirecting our site to some foreign forum. I still can't delete some of them because of ownership and permission changes that were also made, but if that's what you're dealing with, you'll have to go through your host if you actually want to correct it.

It sounds like they used an automated script to infect all your files; as such the changes in permissions might have been set to only PHP's "nobody" user. (Which would restrict access to such files to PHP scripts alone.) See if you can use PHP to do a site-wide crawl, read every .html, .htm, or .php file, str_replace() the "<meta refresh..."> crap with NULL or an empty character set "", save the files again, and then chmod everything to the permissions it should be set at.

EDIT: Basically, this is the exact reverse of their automated script. ;)
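
The cleanup crawl described in the post above, as an added Python example rather than the poster's own PHP. It reports first and only rewrites when given a backup directory, so legitimate redirects can be reviewed and the originals are kept as evidence outside the web root. The tag pattern, the sample site and all names are assumptions made for illustration.

```python
import os
import re
import shutil

WEB_EXTENSIONS = (".html", ".htm", ".php")
# Assumed shape of the injected tag: <meta http-equiv="refresh" ...>, any case or quoting.
META_REFRESH = re.compile(
    r"<meta\b[^>]*http-equiv\s*=\s*[\"']?refresh\b[^>]*>[ \t]*\r?\n?", re.IGNORECASE)

def clean_tree(root, backup_dir=None, file_mode=0o644):
    """Dry run when backup_dir is None: return ({relative path: tag count}, failed paths).
    With backup_dir set, copy each original there, strip the tag, reset the mode."""
    found, failed = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, encoding="utf-8", errors="surrogateescape", newline="") as fh:
                    text = fh.read()
                cleaned, count = META_REFRESH.subn("", text)
                if count == 0:
                    continue
                found[rel] = count
                if backup_dir is not None:
                    saved = os.path.join(backup_dir, rel)
                    os.makedirs(os.path.dirname(saved), exist_ok=True)
                    shutil.copy2(path, saved)  # keep the evidence outside the web root
                    with open(path, "w", encoding="utf-8", errors="surrogateescape", newline="") as fh:
                        fh.write(cleaned)
                    os.chmod(path, file_mode)
            except OSError:  # e.g. ownership or permissions changed by the intruder
                failed.append(rel)
    return found, sorted(failed)

def build_sample_site(base):
    """Constructed sample: two infected pages and one clean page."""
    bad = '<meta http-equiv="refresh" content="0;url=http://redirect.invalid/">\n'
    pages = {"index.html": "<html><head>\n" + bad + "<title>Team</title></head></html>\n",
             "forum/index.php": bad.upper() + "<?php echo 'forum'; ?>\n",
             "about.htm": "<html><body>About us</body></html>\n"}
    root = os.path.join(base, "httpdocs")
    for rel, body in pages.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w", newline="") as fh:
            fh.write(body)
    return root
```

Paths returned in the second list could not be read or rewritten by the account running the script; those are the files the host has to fix ownership on.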

GRaduns340 15-06-2007 12:19

Re: Website Hacking Problems
 
That's exactly what they did, and I could run through that, but I'm working with our host, and he's told me he will reset ownership for us. As it is, I can overwrite everything they did, I just need a couple things deleted that I don't have originals to overwrite with. It's not a big deal any more, just that at some point between now and next season it will be good for whoever takes over as webmaster for our team to have the right ownership.

slade24 15-06-2007 15:09

Re: Website Hacking Problems
 
You might want to further go through and patch any security holes in scripts that you hand-wrote. Make sure nothing allows a user to inject headers (for example, in an email sender) or upload files with filetypes other than specific ones (i.e.: allow jpg, prevent .php or .asp or whatever).

If you are running on Apache (your gallery uses php files, so I will assume this is true), you can also use .htaccess files to block IP addresses of known offenders. A nice look at .htaccess can be found here -- they're quite useful for many things.

Also, I don't know if anyone told you otherwise, but your site is built using tables. There's nothing wrong with that, but if you are hoping to grow as a web developer, look into learning CSS and using it for layout as well as style. Alistapart.com (A List Apart) is a pretty amazing site for web design concepts in general. The table vs. CSS debate can be found here.
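
The two script checks mentioned in the post above (upload file types and header injection), sketched as an added Python example that is not from the thread. The image allowlist, the function names and the sample inputs are assumptions; a PHP gallery or mail form would apply the same logic before saving the file or sending the message.

```python
import os

# Assumed allowlist for a photo gallery: extension -> leading bytes the content must start with.
ALLOWED_IMAGES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_upload(filename, content):
    """Return (ok, reason) for an uploaded file name and its bytes.
    Allowlist only: anything that is not a plainly named image is refused."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name.startswith(".") or "\x00" in name:
        return False, "path components, hidden file or NUL in name"
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED_IMAGES:
        return False, "extension not allowed"
    if len(parts) > 2:
        # Strict on purpose: some server configurations act on an inner
        # extension, so "shell.php.jpg" is refused along with "a.b.jpg".
        return False, "multiple extensions"
    if not content.startswith(ALLOWED_IMAGES[ext]):
        # A sanity check that the bytes look like the claimed type,
        # not proof that the file is harmless.
        return False, "content does not match extension"
    return True, "ok"

def safe_header_value(value):
    """Refuse CR/LF so form input cannot add extra mail headers
    (for example a Bcc line smuggled into a Subject or From field)."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value.strip()
```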


All times are GMT -5.