Hacked? How do I find out how?

shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

Hey, long time no posting but I think you guys can help me.

One of the websites I run recently got a nice bit of nasty JavaScript put on the index page. Now, I have no idea how this happened but I really would like to find out.

I don't think they could have guessed the password since it was just a random bunch of letters and numbers and symbols. The server has 3 websites running on it but only the 1 was affected. It's a dedicated box with just those 3 sites on it and I have root and all that jazz.

So, how do I start tracking down the hole? How can I even find out what IP made that change? Where do I start?
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA

Re: Hacked? How do I find out how?

Post by jason »

You could always start with looking at logs, date/times for file changes, as well as checking the .bash_history (I think that's the file's name). Granted, this might all be for nothing, but it's a start. Also, confirm that the JavaScript is indeed in the files, and not just included via some banner exchange thing. That's not that uncommon. That would be my first instinct.

Edit: Forgot to mention, I'd also start by changing my passwords, and getting a system admin to make sure the box isn't compromised.
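
Added example, not part of the thread or of either poster's words: one way to combine the two starting points above (file change times and logs) is to list the state-changing requests logged shortly before the index page changed, which answers the "what IP" question when the change came in over HTTP. The combined log format, the sample lines, paths, addresses and the ten-minute window are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format (assumed; adjust to the server's LogFormat).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def change_time(path):
    """Inode change time (ctime) as an aware UTC datetime.

    Prefer ctime over mtime here: `touch` can backdate mtime, but not ctime.
    """
    return datetime.fromtimestamp(os.stat(path).st_ctime, tz=timezone.utc)

def suspects(log_lines, changed_at, window=timedelta(minutes=10)):
    """Return POST/PUT requests logged within `window` before `changed_at`."""
    hits = []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        in_window = timedelta(0) <= changed_at - ts <= window
        if m["method"] in {"POST", "PUT"} and in_window:
            hits.append((m["ip"], ts.isoformat(), m["method"],
                         m["path"], int(m["status"])))
    return hits

# Constructed sample input (documentation-range IPs, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2009:03:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2009:03:14:41 +0000] "POST /admin/upload.php HTTP/1.1" 200 312 "-" "curl/7.19"',
    '198.51.100.7 - - [12/Mar/2009:03:15:30 +0000] "GET /index.php HTTP/1.1" 200 5480 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Mar/2009:22:00:00 +0000] "POST /contact.php HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]
# Constructed change time; on a real box use change_time("/path/to/index file").
CHANGED_AT = datetime(2009, 3, 12, 3, 14, 42, tzinfo=timezone.utc)

if __name__ == "__main__":
    for hit in suspects(SAMPLE_LOG, CHANGED_AT):
        print(*hit)
```

An empty result is informative too: if no web request lines up with the change, the FTP/SSH auth logs and .bash_history become the more likely place to look.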