Hacked

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

One of my webpages got hacked. And someone posted a link on it. Witch was a VERY Disturbing link, that i would not dare post on this forum OR any other forum AT ALL!. not even if you wanted to see what it was. Now my question is, though haccess is there a way to make it so you have to have a special thing on your link or any pictures for them to work.
Code: [ Select ]
index.php?goto=www.the_link.com
or links

and i dont know what i might do for pics.

Thank you
  • suzie
  • Guru
  • Guru
  • User avatar
  • Posts: 1134
  • Loc: England

Post 3+ Months Ago

I think you can set up error pages to direct to a 403 which is like a ban really for IP address/ hosts/ browser lots of things.
I have never done any but someone else will help you that knows about these things.
:)
  • darkermoon
  • Expert
  • Expert
  • User avatar
  • Posts: 542
  • Loc: Riverdale, MD

Post 3+ Months Ago

not sure exactly what you're asking but, let me ask you a little bit about what your site's about and maybe securing it a little so it can't be hacked so easily.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

I don't think the site was hacked via something your did (or maybe it was) But for someone to add a link to your page to content you described would require (as far as I know) ftp access which means that someone (or possibly you only) on the server might have been compromised and if it is the case then they more than likely left some form of back door to gain entry when ever they like.

I would recommend reporting this to the host and finding out if they know anything.
  • darkermoon
  • Expert
  • Expert
  • User avatar
  • Posts: 542
  • Loc: Riverdale, MD

Post 3+ Months Ago

I was wondering if the site was database driven and if this could have caused the problem through someone getting access to the database..
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Well is the site database driven?

Was the content damaged at all?

Don't worry about it, even the tour de france website was hacked :). If it was through your database maybe look at strengthening your username and password and make sure you escaoe all possible forms of sql injection attacks.

If in order to get the link there it was hard coded into the page then it more than likely means ftp access was gained
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Or it could be he was using PN or some other CMS tool... They all have their own set of vulnerabilities... some db vulns, some file-based.

I think the first step is to simply take a look a the site itself...

Please post a link to your site so we can see what you're talking about.

Thanks
.c
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

its not database driven,

http://www.theloshas.com
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Good band! (damn I miss the Seattle music scene...)

Anyway, hard to say how this happened. Maybe you had a 777 permission on your file, maybe someone got your FTP password, maybe some managed to exploit PHPBB (there are some vulnerabilities for that, make SURE you're running the most current version).

Change your FTP password, double check the permissions on all your files, they should be 655 (right? 633... 600... crap.. I can't remember now. Owner read/write/modify, group read and public read, NEVER public writable)

.c
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

alright
  • hmsims
  • Newbie
  • Newbie
  • User avatar
  • Posts: 10

Post 3+ Months Ago

Would be in agreement. The only way to actually change the page is to gain access to where it is hosted at. There are several vulnerabilities that have nothing to do with the coding of the page itself that could have been used to gain access to the page. If the host is compromised and access has been maintained by the attacker, then there is nothing much that can be done...it falls under the responsibility of the host. Inform them in as much detail in regards to your issue and request information as to what they found and what they plan to do about it. If you are hosting your own site, then that would be you. It is good advice to change all of your access (ftp) information, i.e. passwords. Remember if you can find your password(s) in a dictionary they can be cracked in moments. If your code had database interactivity then it is possible that the system was exploited in that manner.

There will be some upcoming tutorials dealing with these issues.
  • darkermoon
  • Expert
  • Expert
  • User avatar
  • Posts: 542
  • Loc: Riverdale, MD

Post 3+ Months Ago

you're um.. like four years and three months late man..

Post Information

  • Total Posts in this topic: 12 posts
  • Users browsing this forum: No registered users and 3 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.