Hacked

  • SpooF
  • Ice Cream
  • Bronze Member
  • Joined: May 22, 2004
  • Posts: 2972
  • Loc: Richland, WA
  • Status: Offline

Post January 16th, 2005, 1:16 pm

One of my webpages got hacked. And someone posted a link on it. Which was a VERY disturbing link, that I would not dare post on this forum OR any other forum AT ALL! Not even if you wanted to see what it was. Now my question is, through htaccess is there a way to make it so you have to have a special thing on your link or any pictures for them to work?
Code:
index.php?goto=www.the_link.com
or links

And I don't know what I might do for pics.

Thank you
College Taught Me - And we're not talking about the classes!
@travisperson
  • suzie
  • Guru
  • Joined: Feb 07, 2004
  • Posts: 1110
  • Loc: England
  • Status: Offline

Post January 16th, 2005, 2:53 pm

I think you can set up error pages to direct to a 403, which is like a ban really for IP address/hosts/browser, lots of things.
I have never done any but someone else will help you that knows about these things.
:)
  • darkermoon
  • Expert
  • Joined: May 17, 2004
  • Posts: 543
  • Loc: Riverdale, MD
  • Status: Offline

Post January 16th, 2005, 6:44 pm

Not sure exactly what you're asking, but let me ask you a little bit about what your site's about and maybe securing it a little so it can't be hacked so easily.
  • Rabid Dog
  • Cheese Monkey
  • Web Master
  • Joined: May 21, 2004
  • Posts: 3188
  • Loc: South Africa
  • Status: Offline

Post January 16th, 2005, 11:30 pm

I don't think the site was hacked via something you did (or maybe it was). But for someone to add a link to your page to content you described would require (as far as I know) FTP access, which means that someone (or possibly you only) on the server might have been compromised, and if it is the case then they more than likely left some form of back door to gain entry whenever they like.

I would recommend reporting this to the host and finding out if they know anything.
My Software Development Company
Music I have recorded (fixed now :))
  • darkermoon
  • Expert
  • Joined: May 17, 2004
  • Posts: 543
  • Loc: Riverdale, MD
  • Status: Offline

Post January 17th, 2005, 9:15 pm

I was wondering if the site was database driven and if this could have caused the problem through someone getting access to the database.
  • Rabid Dog
  • Cheese Monkey
  • Web Master
  • Joined: May 21, 2004
  • Posts: 3188
  • Loc: South Africa
  • Status: Offline

Post January 17th, 2005, 11:10 pm

Well, is the site database driven?

Was the content damaged at all?

Don't worry about it, even the Tour de France website was hacked :). If it was through your database, maybe look at strengthening your username and password and make sure you escape all possible forms of SQL injection attacks.

If, in order to get the link there, it was hard coded into the page, then it more than likely means FTP access was gained.
My Software Development Company
Music I have recorded (fixed now :))
  • Carnix
  • Guru
  • Joined: Apr 28, 2004
  • Posts: 1101
  • Loc: Atlanta, GA
  • Status: Offline

Post January 18th, 2005, 2:40 pm

Or it could be he was using PN or some other CMS tool... They all have their own set of vulnerabilities... some db vulns, some file-based.

I think the first step is to simply take a look at the site itself...

Please post a link to your site so we can see what you're talking about.

Thanks
.c
CARE Defending Dignity :: Fighting Poverty
Learn more at http://www.care.org/
  • SpooF
  • Ice Cream
  • Bronze Member
  • Joined: May 22, 2004
  • Posts: 2972
  • Loc: Richland, WA
  • Status: Offline

Post January 18th, 2005, 3:15 pm

It's not database driven,

http://www.theloshas.com
College Taught Me - And we're not talking about the classes!
@travisperson
  • Carnix
  • Guru
  • Joined: Apr 28, 2004
  • Posts: 1101
  • Loc: Atlanta, GA
  • Status: Offline

Post January 18th, 2005, 3:29 pm

Good band! (damn I miss the Seattle music scene...)

Anyway, hard to say how this happened. Maybe you had a 777 permission on your file, maybe someone got your FTP password, maybe someone managed to exploit PHPBB (there are some vulnerabilities for that, make SURE you're running the most current version).

Change your FTP password, double check the permissions on all your files, they should be 655 (right? 633... 600... crap.. I can't remember now. Owner read/write/modify, group read and public read, NEVER public writable)

.c
CARE Defending Dignity :: Fighting Poverty
Learn more at http://www.care.org/
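A permission audit of the kind suggested in the post above, as an added example that is not part of the original thread. Owner read/write with group and public read-only is mode 644 for files (755 for directories, which also need the execute bit to be entered); the function names are made up for this example and the directory you pass is your own web root.

```shell
#!/bin/sh
# Added example: audit a web root for paths that any account on a shared
# host could modify, and for files that changed recently.

# List regular files and directories under $1 that carry the
# "other: write" bit (for example 666 or 777), sorted for stable output.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Clear only the "other: write" bit on everything reported above.
# Owner and group bits are left as they were, so 666 becomes 664
# and 777 becomes 775.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# List files whose contents changed in the last $2 days (default 7).
# After a defacement this shows what else was touched besides the page
# you already noticed, such as a script left behind for later access.
recently_modified() {
    find "$1" -type f -mtime "-${2:-7}" -print | sort
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    echo "World-writable paths under $1:"
    find_world_writable "$1"
    echo "Files modified in the last 7 days under $1:"
    recently_modified "$1" 7
fi
```

Run the listing first and read it before calling `remove_world_write`; an upload directory may be world-writable on purpose, in which case it should at least not be able to execute scripts.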
  • SpooF
  • Ice Cream
  • Bronze Member
  • Joined: May 22, 2004
  • Posts: 2972
  • Loc: Richland, WA
  • Status: Offline

Post January 19th, 2005, 10:13 pm

alright
College Taught Me - And we're not talking about the classes!
@travisperson
  • hmsims
  • Newbie
  • Joined: Apr 05, 2009
  • Posts: 9
  • Status: Offline

Post April 18th, 2009, 1:45 pm

Would be in agreement. The only way to actually change the page is to gain access to where it is hosted at. There are several vulnerabilities that have nothing to do with the coding of the page itself that could have been used to gain access to the page. If the host is compromised and access has been maintained by the attacker, then there is nothing much that can be done...it falls under the responsibility of the host. Inform them in as much detail in regards to your issue and request information as to what they found and what they plan to do about it. If you are hosting your own site, then that would be you. It is good advice to change all of your access (ftp) information, i.e. passwords. Remember if you can find your password(s) in a dictionary they can be cracked in moments. If your code had database interactivity then it is possible that the system was exploited in that manner.

There will be some upcoming tutorials dealing with these issues.
  • darkermoon
  • Expert
  • Joined: May 17, 2004
  • Posts: 543
  • Loc: Riverdale, MD
  • Status: Offline

Post April 27th, 2009, 2:22 pm

you're um.. like four years and three months late man..
