Someone's hacked my site! :-(

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Hmm... It's happened again. Different code added (an IFRAME) and it (was) sending out trojans...

I've asked the host to do some proper checking of logs this time and I'm dumping them now, enough is enough. It's a shared server actually but they only have 3 users on it... I wonder if they've used some sort of code to access my home dir?

You can't do it with SSH directly but it would be possible using nasty scripts on the server.

Bye bye web host
(starts looking for a more reliable host)
Just wish I had the money to run my own 10Mbit server :(
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario

Post by nickvd »

Would you feel comfortable informing us which host you are/were using? This way we are able to steer other people (who probably won't know any better re: hacking) away from them... If they only have 3 hosts on the server, they WILL be able to find out the entry point and close it; if they're not willing/able to do even the most basic of data forensics they shouldn't be running a hosting company.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

http://www.pickaweb.co.uk/

When asked if they even offer dedicated hosting the response of the call centre guy was "Ermmm.... I'll just pop you on hold.".

He came back a minute later and said "No, the only hosting we offer at present are the plans shown on the site".

I have asked them to do a proper log check and try to determine what happened. He took my email address and I haven't heard back - not even a note to say they're looking into it.

I was really happy with them when I first started using them and perhaps they will put extra measures in place to prevent this in future but I won't be using them to find out ;)
digitil
Forum Newbie
Posts: 3
Joined: Fri Jul 08, 2005 5:36 pm

plenty of sucky hosting providers out there

Post by digitil »

Oh, I remember this.... I used to be with an el cheapo host until I had enough bad support and weird server stuff happening.

By the way, back then I wasn't nearly as proficient in PHP as I am now - and I was able to look into other people's sites (about 140 of them), by simply running an off-the-web directory listing script. Showed me all the files people had. I bet your old host had lousy permissions, allowing PHP or Perl or whatever to access all user sites. And then some geek just started placing this file into everyone else's pages.

Better spend a bit more money on hosting and get a provider that has an enterprise level set-up. I'd say if you spend less than $25/month you are sitting on a liability.
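The two failure modes digitil describes (other customers' scripts reading your account, and a file quietly added to your pages) are both checkable from inside the account. The script below is an added example, not code from this thread; the paths, the `.last_known_good` marker file and the sample files in the test are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Three checks a site owner can run
# in a shared-hosting account after an incident like the one above: pages that
# picked up an injected <iframe>, files other local users can read or write,
# and files changed since a known-good point. Paths are arguments you supply.

# Print "file:line:text" for every <iframe> tag found in PHP/HTML files under
# the web root. A hidden iframe is the classic drive-by injection; a hit in a
# page you never put one in is your indicator of compromise.
find_injected_iframes() {
    webroot="$1"
    find "$webroot" -type f \
        \( -name '*.php' -o -name '*.html' -o -name '*.htm' \) \
        -exec grep -iHn '<iframe' {} +
}

# Print files that "other" users on the box can read (mode bit 004) or write
# (002). On a shared server that is exactly what lets another customer's
# directory-listing script walk into your account; a world-readable config.php
# leaks your database password even if nothing is writable.
find_exposed_files() {
    webroot="$1"
    find "$webroot" -type f \( -perm -004 -o -perm -002 \) -print
}

# Print files modified after a reference file. Create the reference (e.g.
# "touch ~/.last_known_good") right after a clean deploy; a later run then
# shows exactly what changed, which is what to hand to the host with the logs.
find_changed_since() {
    webroot="$1"; reference="$2"
    find "$webroot" -type f -newer "$reference" -print
}

# Usage: audit.sh /home/you/public_html [/home/you/.last_known_good]
if [ $# -gt 0 ]; then
    echo "== injected iframes =="; find_injected_iframes "$1" || true
    echo "== readable/writable by other users =="; find_exposed_files "$1"
    if [ -n "$2" ]; then
        echo "== changed since $2 =="; find_changed_since "$1" "$2"
    fi
fi
```

Whether world-readable files are acceptable depends on how the host runs PHP; with per-user suexec or FastCGI pools they are not needed, and a hit from the second check is worth raising with the host.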
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: plenty of sucky hosting providers out there

Post by Chris Corbyn »

digitil wrote: I'd say if you spend less than $25/month you are sitting on a liability.
I say someone should send me a brand spanking shiny new server and provide a fast net connection :P

Ok that was a joke. But I'd love to run my own server ;)
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Maybe UML (User-mode Linux) is an option..
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

I've had very good experiences with http://www.hostroute.co.uk (or .com). Very reliable, professional hosting company. Almost all my sites are hosted with them. In the four years I've been with them a good 99% uptime, good and knowledgeable support (ticket system). If you rent a shared server in the USA you save a couple of quid.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

timvw wrote: Maybe UML (User-mode Linux) is an option..
Mythic Beasts offer UML deals if you're up for maintaining your own server. Haven't used them myself.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

McGruff wrote:
timvw wrote: Maybe UML (User-mode Linux) is an option..
Mythic Beasts offer UML deals if you're up for maintaining your own server. Haven't used them myself.
Thanks for that McGruff. This looks great, and also not as expensive as I was expecting. I think I'm gonna give this a shot. Has anyone used these guys before?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Okay I'm liking the sound of this....
> I'd be taking out the £41/quarter option until I get a good feel for the
> service.
>
> Although I run Linux at home as well as maintain and update my own
> PHP/Apache/MySQL etc I'm new to the whole concept of UML. Things I'm
> wondering are:
> How close is this to actually connecting to a dedicated server by SSH?

`Reasonably' -- enough that you would notice, but not so
much as to get in the way of the vast majority of
applications. Specifically...

> By that I mean....
> + Can I add/delete user accounts?
> + Can I set up "Virtual Servers" in httpd.conf so that I can provide
> websites for clients too?
> + Can I maintain my own IMAP server?
> + Can I install software which would require root access?

Yes to all of these.

> + Not important, just a bonus but, could I have x-VNC access or is
> an X desktop environment not installed?

There's nothing to stop you running X or VNC, though I
don't think any of our images would have them installed by
default. With modern packaging tools installation should
be pretty painless.

> Also, I'm curious if you are able to install SuSE 9.2 on such a setup
> (installs straight off the FTP)?

I'm afraid we don't have any SuSE images at the moment.
Creation of a new image should, in principle, be pretty
easy, but there are often unexpected incompatibilities,
and I have not yet looked at the SuSE distribution to see
how painless an installation would be. I will get back to
you on this if you especially want to run SuSE.

> I'd be happy to go with FC2 if this
> will mean significantly quicker setup time. What is a rough timescale
> from the point of application to obtaining server access by the way?

Should be same working day, though usually quicker.

> When I get access will anything other than the base packages be
> installed or do I need to set this up myself? i.e. Could it
> theoretically run as a webserver with PHP/Python/Perl/MySQL before I
> even install anything? - on another thought, I'd quite like to have
> CPanel running on the server too so it could be an advantage to have a
> clean install anyway since the install for this recommends starting from
> a fresh install of linux.

The images we provide are typically quite minimal
configured.

> Until now I've been on shared hosting plans with poor security (I've had
> applications vandalised by other users residing on the servers).
>
> I'd be grateful if you could clear up the points I'm unsure on and I'd
> then be very happy to apply for a hosting account straight away and hope
> for a long-term business relationship with yourselves.

No problem. Please get back in touch if you have any
further questions. If you'd like us to set up an account
for you it would be helpful if you could complete the
application form at,
https://secure.mythic-beasts.com/cgi-bin/newvdsapp
I should point out that that reply was received, *on a Saturday*, within an hour of sending it!

Thanks Guys ;)
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Although we're going way off-topic it's always a good idea to perform a little search at webhostingtalk.com etc... I assume not so kosher hosters would be mentioned there...
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

If anybody's interested these guys are great. I got my account setup last night at 23:00 and today have connected, installed Gentoo on the server within ten mins and started adding users and installing things I need. You DO need GNU/Linux experience to take on such hosting though since all you get is a blank Filesystem initially.

If anybody else signs up, provide my name "d11wtq" in the box which asks who referred you and I'll halve your first 3 months' cost with you because I would otherwise get 3 months free. i.e. Sign up now and you can have 3 months of UML hosting for 20 GBP. PM me first please.

http://mythic-beasts.com/vds.html

[Topic solved]
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

timvw wrote: Although we're going way off-topic it's always a good idea to perform a little search at webhostingtalk.com etc... I assume not so kosher hosters would be mentioned there...
True, but do not treat webhostingtalk's recommendations as gold standard. They've recommended a hosting company which, after I set up a site there, failed me repeatedly at very crucial moments (fasthosts.co.uk - ridiculous support, unclear maintenance etc.)