Hacked....
Posted: Tue Sep 24, 2002 3:48 am
HI Guys,
Looks like my problem which I posted was caused by an attacked which succeeded. After receiving few calls, regarding unauthorized charges from my not so often customers I decided to format my computer (just in case) and also check our PHP scripts.
I found this code which was not there earlier:
passthru($cmd);
I already found out what it does and our back_history shows that someone has been hacked the server. Our hosting company is no help at all. Do not use Hostway! first they told me that they delete all access logs every two days and if I want logs from before I have to pay $100. I asked them what if police requests these logs from me, will I still have to pay you?
Anyway, I changed MySQL password and FTP password as well. I there a way to find out if Trojan is still resident on the server. Damn Hostway so called tech support team does not know what to do.
If anyone knows how to find out who did this and find out if we can protect ourselves please let me know.
Looks like my problem which I posted was caused by an attacked which succeeded. After receiving few calls, regarding unauthorized charges from my not so often customers I decided to format my computer (just in case) and also check our PHP scripts.
I found this code which was not there earlier:
passthru($cmd);
I already found out what it does and our back_history shows that someone has been hacked the server. Our hosting company is no help at all. Do not use Hostway! first they told me that they delete all access logs every two days and if I want logs from before I have to pay $100. I asked them what if police requests these logs from me, will I still have to pay you?
Anyway, I changed MySQL password and FTP password as well. I there a way to find out if Trojan is still resident on the server. Damn Hostway so called tech support team does not know what to do.
If anyone knows how to find out who did this and find out if we can protect ourselves please let me know.