Website hacked

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

agriz
Forum Contributor
Posts: 106
Joined: Sun Nov 23, 2008 9:29 pm

Website hacked

Post by agriz »

Hi,

Someone hacked the website. I don't know how they got into my website.
But I believe they first uploaded a .pl file, and it downloaded a lot of files from another server and changed the files' chmod to 777.

Script removed by admin

Can you tell me what it does?
One is exploit.conf and another one is freeBSDmaster.password.c
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Website hacked

Post by social_experiment »

agriz wrote: I don't know how did they enter into my website. But I believe they first uploaded a .pl file...
Possibly a poorly scripted file upload script?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: Website hacked

Post by yacahuma »

Are you running any open source software or just your own?
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Website hacked

Post by twinedev »

There are many exploits out there; without information as to server configuration, software versions, code for your site, etc., getting specific will be rough.

Once you are able to get a file to upload and execute on a server, you can find out a lot about it, and then based upon versions of the various programs (and OS) you have installed, someone can find known exploitable items which can let them run things as root.

The fun part, if they can do that, you have to really really really check what is accessible from the outside to see where they may have set up other backdoors into your system.

Loads of fun.... Been there, done that...
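
A cleanup triage sketch for the symptoms described in this thread (an unexpected .pl upload and files changed to mode 777), added here as an example and not posted by any participant. The names `triage` and `UNEXPECTED_EXTS` and the extension list are assumptions; the sample tree is constructed.

```python
import os
import stat
import tempfile
from datetime import datetime, timezone

# Assumption: file types that do not belong in this PHP web root.
UNEXPECTED_EXTS = (".pl", ".c")


def triage(webroot, unexpected_exts=UNEXPECTED_EXTS):
    """Return (ctime, relative path, reasons) for suspicious entries, oldest first."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink are not meaningful
            reasons = []
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                reasons.append("world-writable (%o)" % mode)
            ext = os.path.splitext(name)[1].lower()
            if stat.S_ISREG(st.st_mode) and ext in unexpected_exts:
                reasons.append("unexpected file type " + ext)
            if reasons:
                # ctime changes on chmod as well as on write, unlike mtime
                rel = os.path.relpath(path, webroot)
                findings.append((st.st_ctime, rel, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for a real document root.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "uploads"))
    for rel, mode in (("index.php", 0o644), ("config.php", 0o777),
                      (os.path.join("uploads", "x.pl"), 0o644)):
        full = os.path.join(root, rel)
        open(full, "w").close()
        os.chmod(full, mode)
    for ctime, rel, reasons in triage(root):
        when = datetime.fromtimestamp(ctime, timezone.utc).isoformat()
        print(when, rel, "; ".join(reasons))
```

Sorting by ctime groups files touched in the same burst, which helps separate what the intruder changed from what was already loose before the incident.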