Page 2 of 2

Posted: Mon Sep 03, 2007 9:21 pm
by s.dot
If it's a shared hosting environment, it is entirely possible that your server was compromised (via someone elses poor coding), and might not be anything you can do about it.

Posted: Fri Sep 07, 2007 3:48 pm
by Billy2007
VladSun wrote:
Billy2007 wrote:
Z3RO21 wrote:Sounds to me like a bot exploiting poorly written code that is not properly validating data.
Agreed. I have updated both php apps - but I still want to understand where the door was, so I can shut it down.
Most probably it is not the case. Usually, only your FTP user has write access to your files, unless they are chmoded to 0777 permissions. That's why a poor coding problem wouldn't result file modifications. You said that your modified files had 0644 permissions, so it should have been done by your FTP user or by other user with write access (e.g. root ;) ).
So, there are two ways it could be done:
1) somebody has access by your FTP user/password (e.g. by using a trojan on you PC);
2) your hosting server has been totally hacked;

I would vote for the second one :)
Yep, number 2 is more likely. As for number 1 - very unlikely. First my PC is in stealth mode (behind a hardware firewall) and outbound traffic is monitored by a software firewall. Second, I do not frequent Porn or Warez sites, I don't open emails from strangers (this PC does not have email), and Third, I scan my PC regularly for spyware, my anti-virus is updated daily, and I scan for rootkits once or twice a year.

but most importantly, why would a hacker go to all the trouble of hacking my computer (which contains links to my bank and where my password and userid could be lifted) all to do a stupid hack that inserted code on one of the pages in my site - how the hell would he even know that it is my site??????