Web Hosting Forum | Lunarpages


September 02, 2010, 08:39:35 AM

Author Topic: my site is constantly being hacked/phished  (Read 532 times)
taylor12k
Space Explorer

Posts: 7


« on: June 27, 2009, 07:10:16 AM »

hello, my website, hosted by lunarpages is constantly being hacked and having files and directories added to it without my knowledge.

about once per week i find a zillion phishing URLs added to the bottom of the code on my index.htm page!!! also, occasionally i find entire directories buried in my site full of entire phishing websites!!

first of all.. how are these people able to upload files onto my server? what security holes should i look out for? (i'm constantly changing the password, so it's not that)... how can they add code to my index page and re-upload it?

HOW DO I STOP THIS!!???

it's very frustrating, and i would have thought lunarpages would be more secure.

does anyone else have such security problems with their lunarpages site? how can i stop this?

thank you.
Logged
MrPhil
Professor in Nanotechnology

Posts: 4801



« Reply #1 on: June 27, 2009, 07:32:01 AM »

The two most likely things:

1) You're failing to remove some "planted" script or section of code when you clean up, and it's being reinfected by this code. You need to know all the files on your site, and what's supposed to be in them. Once you're cleaned up, do a ls -laR (if Linux system) to list all the files and their sizes, and periodically check against this list.

2) The PC you use to administer and maintain your site is infected with malware such as a keystroke logger or a password sniffer. As soon as you type in your new password, the hacker knows about it. Get some anti-spyware software and scan your PC on a regular basis.
Logged
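
The baseline-and-compare routine suggested in Reply #1, as an added example that is not part of the original thread. It goes slightly beyond the `ls -laR` size listing by recording a SHA-256 hash per file, so an edit that leaves the size unchanged still shows up. It assumes shell access with GNU `find`, `sort`, `xargs` and `sha256sum`; the function names and the paths in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: hash-based baseline of a web root, and a later comparison.
# Keep the saved manifest OUTSIDE the web root (and ideally off the server),
# otherwise whoever can write to the site can rewrite the baseline too.

# Print one "sha256  ./relative/path" line per regular file under $1.
# Hidden files (.htaccess etc.) are included; output is sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# Compare a saved baseline manifest ($1) with a current manifest ($2).
# Prints ADDED / MODIFIED / REMOVED lines; returns 1 if anything differs.
compare_manifests() {
    awk '
        { hash = $1; path = substr($0, 67) }  # 64 hex chars + 2 separators
        pass == 1 { base[path] = hash; next }
        { seen[path] = 1 }
        !(path in base)          { print "ADDED    " path; changed = 1; next }
        base[path] != hash       { print "MODIFIED " path; changed = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "REMOVED  " p; changed = 1 }
            exit changed + 0
        }
    ' pass=1 "$1" pass=2 "$2"
}

# Command-line use (paths are placeholders):
#   script.sh baseline ~/public_html ~/site-baseline.txt   # after cleanup
#   script.sh check    ~/public_html ~/site-baseline.txt   # e.g. daily
case "${1:-}" in
    baseline) make_manifest "$2" > "$3" ;;
    check)    make_manifest "$2" | compare_manifests "$3" /dev/stdin ;;
esac
```

Run `check` from cron and mail the output; any ADDED or MODIFIED line you did not cause yourself points at the files to inspect first.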

taylor12k
Space Explorer

Posts: 7


« Reply #2 on: June 27, 2009, 07:55:58 AM »

thanks for the helpful tips.

1. i know my site well, and i do try to go thru every directory and fish out the bad files. in fact, just today i cleared out two entire directories buried so deep i didn't know they were there.. hopefully that will help.

2. for what it's worth, i'm on a Mac. not that Macs are immune to spyware, but, less likely to get them, for sure. as well, i don't open strange attachments or anything. however, after i submit this reply, i'll go look for some anti-spyware software for the Mac.

thanks!!
Logged
wektech
Jedi

Posts: 943



« Reply #3 on: June 27, 2009, 08:04:09 AM »

Another security hole that is often overlooked is open wireless connections. If the wireless router or access point is not using a security key or is using a WEP key, it is vulnerable to being monitored. Also make sure there are no FTP accounts defined on the server that you did not create, as well as periodically changing the passwords for the authorized FTP accounts.
Logged

taylor12k
Space Explorer

Posts: 7


« Reply #4 on: June 29, 2009, 10:46:39 AM »

sadly... i've done everything suggested above.. and the attacks have gone from being weekly to daily.... seems like after posting this thread it got worse... :'(
Logged
wektech
Jedi

Posts: 943



« Reply #5 on: June 29, 2009, 12:52:05 PM »

Are you using PHP or other server side scripts? If so, which ones? If the problem is getting worse, you must have a readily identifiable security vulnerability that is being taken advantage of.
Logged

taylor12k
Space Explorer

Posts: 7


« Reply #6 on: June 29, 2009, 02:34:39 PM »

i'm using like a java-based rollover thing... it's something that Dreamweaver generates automatically.. and maybe some other rollover type design elements that are Dreamweaver generated.

there's also a forum running on the site using Simple Machines.. but i keep that software up-to-date

Logged
MrPhil
Professor in Nanotechnology

Posts: 4801



« Reply #7 on: June 29, 2009, 03:16:17 PM »

Quote from taylor12k:
"there's also a forum running on the site using Simple Machines.. but i keep that software up-to-date"

Just to be sure, 1.1.9 and 2.0 RC1-1 are the very latest, with major security fixes. Don't rely on Fantastico to have the very latest version -- they're not infrequently a release or two behind. Also, if you were infected by "krisbarteo" and his magical avatar file, there's lots of manual cleanup you need to do... Be sure to keep up on all this on the SMF forum (simplemachines.org).
« Last Edit: June 29, 2009, 03:18:11 PM by MrPhil » Logged

taylor12k
Space Explorer

Posts: 7


« Reply #8 on: June 30, 2009, 09:06:58 AM »

ahhh.. just searched for that member name.. and sure enough he's a member of the forum. banned and deleted now and starting cleanup.

Logged