Yesterday my site was abused by hacker(s) using a very particular software set that seems to have been created just for that one purpose:

- to intrude sites
- to upload illegal files of scripts

to either use that victim site

- for hosting an illegal phishing site
- for mass mailing

This is nothing funny at all, at least IMHO!

- my host is unhappy
- others as well
- me too

Hence I started to investigate the case:

- studied access_log files
- studied the procedure used to intrude the site for uploading
- studied proxies used

and I find little help out there about any tools used and how to detect such future site intrusion at a very early stage. In my case, fortunately, my host 1and1.com detected this last case at a very early stage and thus prevented greater damage.

Yet I feel it might be mutually beneficial for any honest, sincere and serious site owners to exchange experiences and to help each other to prevent any future site intrusion, or to detect such site intrusions NOW, as long as no damage has been done yet.

There are particular procedures used and particular files employed for such an illegal action. In my case it appears to be one set of software that is uploaded, maybe with different file names on other sites, but with particular features that could eventually be detected at a very early stage.

I also noticed that these hackers first check the availability of the tools, leading to the assumption that they (or he) may possibly sometimes leave such tools behind on a successfully hacked site for later re-use ... Knowing this, anyone who could possibly become a victim could check for the existence of such tools either by name or, if files are renamed, by particular strings within such tools.

Anyone wishing to exchange information is welcome to email me directly - see my profile. I feel that the matter may be suitable only for limited public discussion, since hacker(s) might be reading as well and try to always be one step ahead.
I would prefer to exchange data with old, established site owners having a full profile in this forum rather than newbies or site owners without a published site or with empty profiles. However, I also feel that a kind of "crime free alliance" might be beneficial to all those having honest interests in staying clean all the way. I am also willing to fully cooperate with any official or legal institution working toward a safer web by preventing crime rather than fighting crime.
On Feb 22 my host informed me of illegal hacker activities within the web space of my Anyboard forum. In a lengthy procedure I found some 40+ sites using Anyboard and contacted them by email.

As of today's feedback received: ALL those webmasters/site owners who took the time to verify the details provided by me for any possible intrusion detection reported solid evidence of hackers' activities, and files left behind were found.

The bad news for all is: the very same files and hacking methods used in the Anyboard cases might most likely also be used for many other software out there - even for your DSL-connected home PC!

If you have an Anyboard forum and get no help from netbula.com support, then you may want to read my today's Anyboard security alert and then contact me directly for more details to search for possible evidence of intrusion by hackers.
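The two checks described in the posts above (looking for leftover tools by name or by strings inside renamed files, and spotting availability probes in access_log) can be sketched as follows; this is an added example, not part of the original posts and not code from the author. The file name, marker string, log lines and directory layout are constructed placeholders, since the posts name no actual files or strings.

```python
import re, tempfile
from pathlib import Path

# Placeholder indicators (assumptions): the post names no files or strings.
TOOL_NAMES = {"placeholder_tool.cgi"}
TOOL_STRINGS = [b"PLACEHOLDER-TOOL-MARKER"]
# Apache common/combined log line: client, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

def scan_webroot(root, max_bytes=2_000_000):
    """Map relative path -> 'name' or 'content'; 'content' catches renamed copies."""
    hits = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in TOOL_NAMES:
            hits[rel] = "name"
        else:
            with path.open("rb") as fh:
                head = fh.read(max_bytes)  # bounded read of large files
            if any(s in head for s in TOOL_STRINGS):
                hits[rel] = "content"
    return hits

def probes_in_log(lines):
    """(client, path, status) for requests naming a tool; 200 means it answered."""
    found = (LOG_RE.match(line) for line in lines)
    return [(m[1], m[2], int(m[3])) for m in found
            if m and m[2].split("?")[0].rsplit("/", 1)[-1].lower() in TOOL_NAMES]

# Constructed access_log lines (documentation IP addresses, made-up dates).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '203.0.113.5 - - [01/Jan/2000:10:00:02 +0000] "GET /cgi-bin/placeholder_tool.cgi HTTP/1.0" 404 209',
    '203.0.113.5 - - [01/Jan/2000:10:05:40 +0000] "GET /cgi-bin/placeholder_tool.cgi?x=1 HTTP/1.0" 200 1024',
]

def demo_scan():
    """Scan a constructed web root holding one named tool and one renamed copy."""
    with tempfile.TemporaryDirectory() as root:
        cgi = Path(root, "cgi-bin")
        cgi.mkdir()
        (cgi / "placeholder_tool.cgi").write_bytes(b"#!/usr/bin/perl\n")
        (cgi / "counter.cgi").write_bytes(b"# PLACEHOLDER-TOOL-MARKER\n")
        Path(root, "index.html").write_bytes(b"<html>forum</html>\n")
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo_scan())
    print(probes_in_log(SAMPLE_LOG))
```

A probe that returns 404 shows someone looking for the tool; the same path returning 200 later means the file now exists on the site and the web root scan should find it.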