Page 1 of 1

Hacked....

Posted: Tue Sep 24, 2002 3:48 am
by veneerz
HI Guys,
Looks like my problem which I posted was caused by an attacked which succeeded. After receiving few calls, regarding unauthorized charges from my not so often customers I decided to format my computer (just in case) and also check our PHP scripts.
I found this code which was not there earlier:
passthru($cmd);
I already found out what it does and our back_history shows that someone has been hacked the server. Our hosting company is no help at all. Do not use Hostway! first they told me that they delete all access logs every two days and if I want logs from before I have to pay $100. I asked them what if police requests these logs from me, will I still have to pay you?
Anyway, I changed MySQL password and FTP password as well. I there a way to find out if Trojan is still resident on the server. Damn Hostway so called tech support team does not know what to do.
If anyone knows how to find out who did this and find out if we can protect ourselves please let me know.

Posted: Tue Sep 24, 2002 9:50 am
by phice
You can't do anything remotely. Keep trying tech support. If they dont fix the issue, back up your data from the server, and move to a new host.

Posted: Tue Sep 24, 2002 4:24 pm
by Takuma
If they delete the server log every 2 days how can you get the one before them?

Posted: Tue Sep 24, 2002 7:28 pm
by hob_goblin
Takuma wrote:If they delete the server log every 2 days how can you get the one before them?
Backups.

Plus, that really doesn't help him.

My idea: get a new host. http://www.insiderhosting.com ;)

Posted: Wed Sep 25, 2002 1:12 am
by Takuma
It saids $20 but is that per month or per year? If it per year it is extremely cheap.

P.S. If you backde up all the log file wouldn't that be quite big?

Posted: Wed Sep 25, 2002 3:39 pm
by hob_goblin
Month, and no, not really.