Results 1 to 10 of 10

Thread: PHP Site hacked

  1. #1
    bogart's Avatar
    bogart is offline Super Moderator
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    Thanks
    1,886
    Thanked 776 Times in 609 Posts

    PHP Site hacked

    I just noticed that one of my php sites was hacked. The hacker added some invisible links to the bottom of the homepage. This is funny as site doesn't use a sql database.

    I guess I'll change my file permissions to 444.

    Any other suggestions?

  2. #2
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,238
    Thanks
    171
    Thanked 303 Times in 230 Posts
    Contact your web host since the server may have been hacked. Or maybe you installed a bad plugin or theme?

  3. Thanked by:

    bogart (22 November, 2011), robjones (22 November, 2011)

  4. #3
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,029
    Thanks
    345
    Thanked 902 Times in 689 Posts
    This does sound like someone either hacked the server or cracked your FTP access.

    From my experience, most hosting companies will never admit a server hack until the information starts to go public. Nonetheless, report it to them so that they check other sites on the server. If you have other sites on the same server, check them as well.

    If you are using FileZilla for FTP, be aware that passwords are not encrypted in FileZilla.

    FileZilla Alert – Hacker Threat Through Trojan Virus

    The 444 permissions will not prevent a hack from either scenario.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  5. Thanked by:

    bogart (22 November, 2011), robjones (22 November, 2011)

  6. #4
    robjones's Avatar
    robjones is offline Trail Boss
    Join Date
    Dec 2008
    Location
    Lone Star State
    Posts
    1,112
    Thanks
    510
    Thanked 441 Times in 292 Posts
    For the last couple of years I've been out of the biz of administering my own stuff, opting to provide content for others, but I've known for some time its silly not to build a separate income on my own sites while contracting for others too, so this sorta fun will become my problem again soon. Given that, I'm going to have to bone up on the technical downsides I've had the luxury of leaving to the techs for a few years.

    I apologize in advance if I'm asking an elementary question, but what did you mean by "I guess I'll change my file permissions to 444." Been a long time since I was FTPing stuff up onto sites, so if I knew this I've apparently forgotten.

  7. #5
    bogart's Avatar
    bogart is offline Super Moderator
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    Thanks
    1,886
    Thanked 776 Times in 609 Posts
    Quote Originally Posted by robjones View Post
    For the last couple of years I've been out of the biz of administering my own stuff, opting to provide content for others, but I've known for some time its silly not to build a separate income on my own sites while contracting for others too, so this sorta fun will become my problem again soon. Given that, I'm going to have to bone up on the technical downsides I've had the luxury of leaving to the techs for a few years.

    I apologize in advance if I'm asking an elementary question, but what did you mean by "I guess I'll change my file permissions to 444." Been a long time since I was FTPing stuff up onto sites, so if I knew this I've apparently forgotten.
    Take a look at this: http://faq.nucleuscms.org/item/173

    C
    hanging file permissions to 444 disables write permission.



    ---------- Post added at 14:38 PM ---------- Previous post was at 14:34 PM ----------

    Quote Originally Posted by Andy101 View Post
    Contact your web host since the server may have been hacked. Or maybe you installed a bad plugin or theme?
    The site doesn't have any plugins or theme. It's just a basic php includes and css. The host had been doing some upgrades. Perhaps this is the reason why.

  8. Thanked by:

    robjones (22 November, 2011)

  9. #6
    robjones's Avatar
    robjones is offline Trail Boss
    Join Date
    Dec 2008
    Location
    Lone Star State
    Posts
    1,112
    Thanks
    510
    Thanked 441 Times in 292 Posts
    Bookmarked. Sorry for diverting with a question. Good to know.

  10. #7
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,029
    Thanks
    345
    Thanked 902 Times in 689 Posts
    Quote Originally Posted by bogart View Post
    The host had been doing some upgrades. Perhaps this is the reason why.
    Could be. Like I said, most hosts will not acknowledge when they've been hacked.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  11. #8
    iowadawg's Avatar
    iowadawg is offline Free Cell Champion
    Join Date
    May 2010
    Location
    Not in Texas
    Posts
    2,062
    Blog Entries
    4
    Thanks
    166
    Thanked 358 Times in 307 Posts
    Server attacks happen quite a bit.
    As been said, host companies are mum on this.

    I do have one host company though that admitted this and said they have locked their servers to make it harder.
    Never had another problem with that company.

    I make sure that:
    Cpanel....username and password make no damn sense, using lower and upper case, lettters-numbers-other characters.
    Same thing with any database.
    And again, same thing with any site login (like wp-admin for wordpress).
    I do this because I can have a written copy of everything (in my little 3x5 file box).

  12. #9
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,029
    Thanks
    345
    Thanked 902 Times in 689 Posts
    My VPS server was getting hit with more than 250 attacks every day. I had to install a firewall that blocks the IP of the attacker after 5 attempts to crack the root password. If your hosting company does not use a firewall like that, the hackers will relentlessly attempt to crack the root password to the server. Some servers only allow 8 characters for the root password and the login ID is always "root", so the password can eventually be broken if the password is not strong enough.

    A few years back I was working on a client account at what was the second largest hosting company in the world and saw that the site was hacked. I changed the password to a very strong password and the site was hacked again. That told me that the server had been compromised. The hosting company vehemently denied that any of their servers had ever been hacked--until the articles started to hit the web about the thousands of sites that had indeed been hacked. After that they changed their name.

    If you search for "Interland hacked" you will find that they had been hacked many times prior to the hack that I reported. I have not heard of them being hacked after they changed their name to web.com.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  13. Thanked by:

    bogart (13 December, 2011)

  14. #10
    eranivdoll is offline Unknown Net Builder
    Join Date
    Dec 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It may be happened due to free plugin installation because it has happened with my site also.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •