Page 1 of 1

Website hacked

Posted: Mon Aug 01, 2011 3:16 am
by agriz
Hi,

Someone hacked the website. I don't know how did they enter into my website.
But I believe they first uploaded a .pl file and it downloaded a lot of files from other server and changed files chmod to 777

Script removed by admin

Can you tell me what does it do?
One is exploit.conf and another one is freeBSDmaster.password.c

Re: Website hacked

Posted: Tue Aug 02, 2011 1:44 pm
by social_experiment
agriz wrote:I don't know how did they enter into my website. But I believe they first uploaded a .pl file...
Possibly a poorly scripted file upload script :?:

Re: Website hacked

Posted: Mon Aug 08, 2011 6:43 am
by yacahuma
are you running any open source software or just your own?

Re: Website hacked

Posted: Mon Aug 08, 2011 7:06 pm
by twinedev
There are many exploits out there, without information as to server configuration, software versions, code for your site, etc, getting specific will be rough.

On you are able to get a file to upload and execute on a server, you can find out a lot about it, and then based upon versions of the various programs (and OS) you have installed, someone can find known exploitable items which can let them run things as root.

The fun part, if they can do that, you have to really really really check what is accessible from the outside to see where they may have set up other backdoors into your system.

Loads of fun.... Been there, done that...