Website Got Hacked

Maverick340 · 28-08-2008, 06:02 PM

I recevied an email today from RSA saying that my server had some fraud pages. I pointed to those pages and it was true. There were fake login pages to Novascotia Bank and Abbey
I deleted those pages but am now wondering how was the security breach took palce. Absolutely no one knows my password and anonymous ftp was off. There was also no FTP traffic log. I however saw lots of 404 HTTP requests from cetain IP addresses.
This is what i could find : http://paste2.org/p/66817 | http://paste2.org/p/66818 | http://paste2.org/p/66820

Also there were tons of unresolved IP address that had consumed bandwitdh in excess of 10megabytes in the last 10 days.

I am pretty new at all this so please help me out. My website address is fudge dot co dot in

ahref · 28-08-2008, 07:23 PM

Probably the script you are using may contain php shell, also ensure to give 755 or less permission to your files and folders.

victor_rambo · 28-08-2008, 07:46 PM

Is there any web based upload system?
And btw do you trust your webhost?

DigitalDude · 28-08-2008, 10:00 PM

do you have SSH access to the server ?? if yes it might have been compromised by brute force attacks (which was also attempted in my server)

change your root password and also the SSH port from the default 22 to some other port

it might not be this problem alone.. i'm saying cos this is a common problem...

_

Maverick340 · 29-08-2008, 12:19 AM

OKay after spending close to 8 hours on it i have some answers. fudge is a simple no frills non tech blog. The 'hacker' created a folder iamges in my public_html foder and pur some php script in it. Name of the script is c99 v0.0.1 SYN-MOD [SYNSTA]
Googling threw up some light on this, seems like a script that has been doing rounds. I deleted those files, removed all other traces of fake login pages etc. I downloaded the source code of the malicious script and also the fake login pages. They do contain some email IDs. I was wondering if o could sumbit them somewhere to help stop phising and web forgery. Also i upgraded the blog from 2.6 to 2.6.1
I want to know if i can do something to protect myself from such attacks. I am still confused how and why was i attacked :-/

mad_max · 29-08-2008, 01:10 AM

forget the why bro concentrate on how

my 2 bits of input lol

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine