Hey, long time no posting but I think you guys can help me.
One of the websites I run recently got a nice bit of nasty javascript put on the index page. Now, I have no idea how this happened but I really would like to find out.
I don't think they could have guessed the password since it was just a random bunch of letters and numbers and symbols. The server has 3 websites running on it but only the 1 was affected. It's a dedicated box with just those 3 sites on it and I have root and all that jazz.
So, how do I start tracking down the hole? How can I even find out what IP made that change? Where do I start?
Hacked? How do I find out how?
Re: Hacked? How do I find out how?
You could always start with looking at logs, date/times for file changes, as well as checking the .bash_history (I think that's the file's name). Granted, this might all be for nothing, but it's a start. Also, confirm that the JavaScript is indeed in the files, and not just included via some banner exchange thing. That's not that uncommon. That would be my first instinct.
Edit: Forgot to mention, I'd also start by changing my passwords, and getting a system admin to make sure the box isn't compromised.
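The log and file-time check suggested in the reply above, as an added example that is not part of the original thread: it takes the time the tampered file changed and pulls the web requests from the minutes leading up to it. It assumes an Apache/nginx "combined" access log; the function names, the sample log lines and the change time are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (time, ip, method, path, status), or None if the line does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["method"], m["path"], int(m["status"])

def requests_before_change(lines, changed_at, window=timedelta(minutes=10)):
    """Requests in the window leading up to the file change, oldest first."""
    hits = [r for r in map(parse, lines)
            if r and changed_at - window <= r[0] <= changed_at]
    return sorted(hits)

def write_requests(hits):
    """Narrow to requests that sent data to the server and were not rejected."""
    return [h for h in hits if h[2] in ("POST", "PUT") and h[4] < 400]

# Constructed sample data (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2010:03:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2010:03:41:17 +0000] "POST /forum/upload.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [12/Mar/2010:03:41:55 +0000] "GET /forum/files/a.php HTTP/1.1" 200 48 "-" "-"',
    '198.51.100.7 - - [12/Mar/2010:03:50:30 +0000] "GET /index.php HTTP/1.1" 200 5391 "-" "Mozilla/5.0"',
]
# Constructed; on the server use
# datetime.fromtimestamp(os.stat(path).st_mtime, timezone.utc)
CHANGED_AT = datetime(2010, 3, 12, 3, 42, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ts, ip, method, path, status in requests_before_change(SAMPLE_LOG, CHANGED_AT):
        print(ts.isoformat(), ip, method, path, status)
```

The modification time can be reset by whoever changed the file, so compare it with the inode change time (`st_ctime`), which is harder to alter. If no web request lines up, the same time window applies to the FTP and SSH logs.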