Topic awaiting preservation: My site got hacked...how to prevent this in the future? (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22917" title="Pages that link to Topic awaiting preservation: My site got hacked...how to prevent this in the future? (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: My site got hacked...how to prevent this in the future? <span class="small">(Page 1 of 1)</span>\$

Rinswind 2th Maniac (V) Inmate From: Den Haag: The Royal Residence Insane since: Jul 2000	posted 08-12-2004 22:24 My personal site just got hacked and defaced. I already contacted my hoster by mail (thank god it's not running on that domain) so i hope the problem will be solved soon. Since there is no way for me to contact the site anymore i can do nothing. But i do like to prevent this the next time so i start searching for ways to secure my site. I am not sure were to begin so if someone can give me some pointers i will be very gratefull. The site was an 13 in a dozen shared server with PHP support (4x), a little MySQL database, running on Apache 1.3x. It's controlled bij a C-panel console and FTP for downloading an uploading files. I cannot control the apache server nor the MySQL/PHP (maybe i can control this but i don't know how) tandem. But maybe i can do other things, securing my php scripts for instance or a C-panel upgrade. If anyone has some suggestions let me know. Thanks And yes i will google about it.... <edit>Just saw a typo in the title, hopefully someone from the medical staff can correct this, thanks.</edit> ------------------------------ Support Justice for Pat Richard (Edited by Rinswind 2th on 08-12-2004 22:28)
JKMabry Maniac (V) Inmate From: raht cheah Insane since: Aug 2000	posted 08-13-2004 00:02 Most hacks come from well known exploits in open software like phpBB, Gallery and the nukes etc... best thing to do there is keep any of these that may be running in your user space all patched up as security updates are released. edit: While you may have written a script with holes in it (I believe) would be much less likely to be exploited as that would require actual work on the part of the 'hacker' to discover the hole; I think most 'hackers' just run around popular softwares looking for well know holes for an easy in and out and another notch on their, uh, belt, or something =) In the case of some (I think Gallery is bad about this) cross-site exploits are discovered that allow these 'hackers' to do damage to other user's spaces on the same machine from the user space where the unsecure script is. In that case, there's not much you can do. Just keep backups, pray they don't try to trash the place, and hope your shared host is quick to respond to these types of things. Also a good idea to be mindful of what you're doing and what scripts you are running so as to not put your neighors on that machine at risk. I recently, last week in fact, had one of my sites defaced (they were kind enough to rename the old index file and leave it there), just an index cover sheet with a name on it to show they'd been there. Turns out there was an old Perl calendar script I'd pretty much forgotten about, that was used. I notified my host, they were good enough to quickly find the exploit that was used, disable the script, notify me and report the activity and IP of the offender to the network from which the activity originated, all within 15-20 minutes. This was Dreamhost, they rock. (Edited by JKMabry on 08-13-2004 00:07)
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 08-13-2004 01:02 Typo fixed All hail the power of the mighty grail...
Rinswind 2th Maniac (V) Inmate From: Den Haag: The Royal Residence Insane since: Jul 2000	posted 08-13-2004 01:11 thanks.. The trouble is the host is an one man show (i never ever had contact with other people..) and i send him an mail I don't expect any response until tomorrow... And yes i am looking into another host. One guy just can't service 24/7... I did found some documentation on PHP.net about security: http://nl3.php.net/security ------------------------------ Support Justice for Pat Richard

Topic awaiting preservation: My site got hacked...how to prevent this in the future? (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22917" title="Pages that link to Topic awaiting preservation: My site got hacked...how to prevent this in the future? (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: My site got hacked...how to prevent this in the future? <span class="small">(Page 1 of 1)</span>\$

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 08-12-2004 22:24

My personal site just got hacked and defaced. I already contacted my hoster by mail (thank god it's not running on that domain) so i hope the problem will be solved soon. Since there is no way for me to contact the site anymore i can do nothing.

But i do like to prevent this the next time so i start searching for ways to secure my site. I am not sure were to begin so if someone can give me some pointers i will be very gratefull.

The site was an 13 in a dozen shared server with PHP support (4x), a little MySQL database, running on Apache 1.3x. It's controlled bij a C-panel console and FTP for downloading an uploading files.

I cannot control the apache server nor the MySQL/PHP (maybe i can control this but i don't know how) tandem. But maybe i can do other things, securing my php scripts for instance or a C-panel upgrade.

If anyone has some suggestions let me know. Thanks

And yes i will google about it....

<edit>Just saw a typo in the title, hopefully someone from the medical staff can correct this, thanks.</edit>
------------------------------
Support Justice for Pat Richard

(Edited by Rinswind 2th on 08-12-2004 22:28)

JKMabry
Maniac (V) Inmate

From: raht cheah
Insane since: Aug 2000

posted 08-13-2004 00:02

Most hacks come from well known exploits in open software like phpBB, Gallery and the nukes etc... best thing to do there is keep any of these that may be running in your user space all patched up as security updates are released. edit: While you may have written a script with holes in it (I believe) would be much less likely to be exploited as that would require actual work on the part of the 'hacker' to discover the hole; I think most 'hackers' just run around popular softwares looking for well know holes for an easy in and out and another notch on their, uh, belt, or something =)

In the case of some (I think Gallery is bad about this) cross-site exploits are discovered that allow these 'hackers' to do damage to other user's spaces on the same machine from the user space where the unsecure script is. In that case, there's not much you can do.

Just keep backups, pray they don't try to trash the place, and hope your shared host is quick to respond to these types of things. Also a good idea to be mindful of what you're doing and what scripts you are running so as to not put your neighors on that machine at risk.

I recently, last week in fact, had one of my sites defaced (they were kind enough to rename the old index file and leave it there), just an index cover sheet with a name on it to show they'd been there. Turns out there was an old Perl calendar script I'd pretty much forgotten about, that was used. I notified my host, they were good enough to quickly find the exploit that was used, disable the script, notify me and report the activity and IP of the offender to the network from which the activity originated, all within 15-20 minutes. This was Dreamhost, they rock.

(Edited by JKMabry on 08-13-2004 00:07)

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 08-13-2004 01:02

Typo fixed

All hail the power of the mighty grail...

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 08-13-2004 01:11

thanks..

The trouble is the host is an one man show (i never ever had contact with other people..) and i send him an mail
I don't expect any response until tomorrow... And yes i am looking into another host. One guy just can't service 24/7...

I did found some documentation on PHP.net about security:
http://nl3.php.net/security

------------------------------
Support Justice for Pat Richard