I opened my web site this morning and none of the thousands of pics displayed. I just had an image placement box. After checking on the server site I realised that someone has deleted the folder where the images were stored. I have contacted the web host, who is arranging for a backup to be restored, but that is from a couple of days ago so I will still have to upload around 300 images again. Is it really easy for people to access our web sites and do this, and is there something I could have done to prevent this? I did follow the instructions that came with my site and set some numbers as requested. Any help/advice would be really great. Thanks
Hi, You really need to try and find out how they got access to your files. Have a look through the logs, run a rootkit checker, check the permissions on your files, and make sure any software running on your server (assuming this is some kind of dedicated/VPS server?) is up to date. Ultimately, if someone has had access once, you'll probably just find the same thing happens again unless you secure the vulnerability. Matt
You are going to need root access to the server. Then there are a few different programs that are supposed to be able to check for rootkits, like this one - http://rkhunter.sourceforge.net/ You'd need to download and run the software. If you suspect someone has root access to your server then the first thing to do is make sure you've got a good backup! Regards - Matt
Thanks everyone - my web host have been absolutely useless and haven't suggested anything to make my site secure despite 3 emails...I won't mention their name.......yet!
I don't think that such a hack comes from a rootkit or a complete compromise. If it were, the hacker could have done much more damage than that. It is probably a vulnerability in the scripts you run, but as long as I don't know the URL, it's impossible to say. I would suggest that you check your scripts for known vulnerabilities.
As has been said, without the URL we can only give generic advice. If you are using PHP with a Linux host, add this to your php.ini:
    disable_functions = dl,fsockopen,popen,show_source,highlight_file,set_time_limit,phpinfo,dir,unlink,rename,copy,readfile,shell_exec,exec,virtual,passthru,proc_close,proc_get_status,proc_open,proc_terminate,system
YES, it can break a few apps (this disables a LOT of functions that can be dangerous), depending on what you're using, but it's going to make a hacker's life MUCH harder. Also you should mount /tmp as noexec (it will still be possible to execute stuff from /tmp with the Linux loader, but it requires knowledge that most script kiddies don't typically have). If you do that it will help a lot against future generic attacks, but there is much, much more to do too.
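A check for the two settings described in the post above, as an added example that is not part of the thread: it reports which functions from the posted list the active disable_functions line does not cover, and whether /tmp is mounted noexec. The function names and sample inputs are constructed; it assumes the last uncommented directive in php.ini is the one in effect and that mount options come in /proc/mounts format.

```shell
#!/bin/sh
# Added example: audit the two hardening settings from the post above.
# Function names and sample inputs are constructed for illustration.

# The list the post recommends for disable_functions.
WANTED="dl,fsockopen,popen,show_source,highlight_file,set_time_limit,phpinfo,dir,unlink,rename,copy,readfile,shell_exec,exec,virtual,passthru,proc_close,proc_get_status,proc_open,proc_terminate,system"

# Reads php.ini text on stdin; prints each wanted function that the
# disable_functions directive does not list (exact name match only).
missing_disabled() {
    # Lines starting with ';' are comments and never match. Assumption:
    # if the directive appears twice, the last one is in effect.
    active=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' |
        tail -n 1 | tr -d ' \t"\r')
    for fn in $(printf '%s' "$WANTED" | tr ',' ' '); do
        case ",$active," in
            *",$fn,"*) ;;                      # already disabled
            *) printf '%s\n' "$fn" ;;          # still callable from scripts
        esac
    done
}

# Reads /proc/mounts-format text on stdin; succeeds only if the last
# /tmp entry carries noexec. No separate /tmp mount counts as a failure.
tmp_is_noexec() {
    opts=$(awk '$2 == "/tmp" { o = $4 } END { print o }')
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs: a partial directive and a hardened /tmp.
SAMPLE_INI='; constructed php.ini fragment
;disable_functions = system,exec
disable_functions = exec, shell_exec, system, passthru, popen, proc_open
'
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
'

audit() {
    printf '%s' "$1" | missing_disabled | sed 's/^/not disabled: /'
    if printf '%s' "$2" | tmp_is_noexec; then echo "/tmp: noexec"
    else echo "/tmp: exec allowed"; fi
}

audit "$SAMPLE_INI" "$SAMPLE_MOUNTS"
```

On a real host, pass the contents of the php.ini that `php --ini` reports as loaded and the contents of /proc/mounts as the two arguments to `audit`.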