A lot of my sites are getting hacked by some lame ass Turkish hackers. No idea why they target me and my website as I live in Kenya, Africa! Don't know what we ever did to the Turks. I have noticed a number of times where they insert an index.htm into a folder, except for when it has no effect - then they actually change my index.php file. So I have restored the original files, changed my hosting account passwords and 644'd the files/folder they are changing. But every now and then I will find a new file in the images subfolder etc etc - which I have to leave as 777. Any idea where else they are putting these files? Can they install harmful files into these areas? How do I prevent them from accessing my site altogether? Can I ban the whole of Turkey from our server - or will they just use some other way to access the websites? NOTE to the Hackers! Why are you attacking all my websites? I am an African - not an American. We have nothing to do with your problems. Our problems are much worse than yours so grow the f* up and deal!
Chances are they are already using a proxy or something else in an attempt to cover their tracks so banning all of Turkey won't help. As a Turk, I don't see why they would be targeting you from the info given, maybe it is your host or a script you are using with known exploits.
Well, my sites are hosted on an American server - on one of thelayered servers. But my sites all have information only about Kenya on them, so I think they are attacking the whole server regardless of who is on it. My hosting provider doesn't have a clue what is going on as they only say that it is my fault for leaking passwords - but I know other accounts on this server have been hacked too and changing my passwords didn't help me. I am already moving to a new host - but the server is in the US as well (this time in the softlayer datacenter). But this host is much more fluent in server protection. So I should be doing this for my websites: Folder Permissions - 755 File Permissions - 644 ?? This seems to work to keep the sites going - hope it will stop the hackers being able to change our websites as it is getting very annoying now.
I imagine this is a server-wide deface and has absolutely nothing to do with your site itself. If you mentioned your domain, I could probably back that up with a quick search through defacing websites. So I imagine your current host is running an old kernel which the hackers are taking advantage of.
Turkish men are stupid only. They only use bugs which are reported to exploit. Your ISP server maybe rooted and setup rootkit by them. Contact your hosting provider now, I think
These attackers are not targeting anyone in particular. They are looking for sites running specific versions of specific software which they are able to easily break into, using known and sometimes publicly documented holes. There are hundreds of publicly available scripts, most of which contain significant security holes, and some of which are no longer maintained. You should be looking into the security record for any scripts you may consider using -- not the marketing hype. You are not going to stop the attacks unless and until you improve your site security and use fully patched, actively maintained software. In addition, you need to learn about security and take steps to harden your PHP installation so that such attacks are harder to launch against you. I should add that you should count yourself lucky that they are interested in defacing sites -- which is a bold warning about the woeful state of security on your site and server. There are a lot of other people who install shell scripts, some of which are trojaned, so that they can silently use your server for their own purposes.
Must you generalise for all Turks!? And if you read, he has contacted the host already. BTW, good points clancey.
Thanks for the advice Clancey. Most of my sites use Joomla 1.0.12 which is very actively supported (in fact I think it is the most popular CMS at the moment). I have gone through their forums and made a few changes which seem to help. 2 of the sites also had SMF which was 'hacked' after I fixed the Joomla problems. I am also changing hosts to a new host who have a better idea of how to run a server. I am fairly IT savvy, but it is not possible for me to learn everything about everything. It is just not efficient that way. That is why I am moving hosts. It is their responsibility to keep the server secure - not mine. Current site has Register Globals on by default - I know that this is very bad, but my current host refuses to change this. Not a prob with the new host. I would like to know the basics about server security - where is a good place to learn about this - (something simple and easy to absorb as my brain is already overflowing with other info lol).
There are some interesting comments about emulating register_globals off at the PHP site at the link: faq.misc.registerglobals I would not be complacent about Joomla and its level of support. A group of hackers say a security advisory will be coming about soon about the current version of Joomla. In a discussion among people who have gained admin access, one participant made this May 31, 2007 comment: Unfortunately, they never explain what is broken. Consequently, you cannot fix it until they issue the advisory.
New Host - New problems lol! Well I moved a couple of sites to a new host - only now I have a whole different set of problems. Not even sure whether this is related to the Turkish Hacks - or if it is just a problem with the new host. Every 24 hours, my MySQL databases revert back 12 hours, and then a few hours later any files that I added to my site disappear (images and such). Don't know if this is the hackers as it is not their M.O., a different type of hacker or if it is just an issue with my new host. The host can't find anything wrong at all - which is very worrying. Who knew it was so difficult to run a simple website
yea i am still fighting turkish hackers! every hacker that hacked my image hosting site was from turkey and uploaded shells and defaced my site with political messages and promoting turkey and its leader! if anyone can help me with my script that would be greatly appreciated! the script is just checking the header to see if it's an image and i need it to check the file or something! Thanks
as soon as i posted this i went to one of my other sites that i was editing b4 i read this thread and it got hacked by another turk jerk within 10 mins! they redirected my site to this url with music and ads alemking.al.funpic.de/kral.html i can't find the problem! no files have changed in my ftp and i'm searching my e107 admin panel i found the site where the fucts tell em how to hack and admit to hacking my site dumb %$$&^ put a clickable link to my site on the page! What can and should i do help please
well i found the problem it was in my shout/chat box somehow they put a redirect script in there and i fixed the cms/ e107 issue they were uploading php files as .php.jpg and executing them
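The two upload problems raised in the posts above (a script that trusts only the header, and files named `.php.jpg` being executed), handled server-side in an added example that is not code from any poster or from e107. The function name `store_uploaded_image`, the 5 MB limit and the allowed-type list are assumptions chosen for illustration.

```php
<?php
// Added example (hypothetical helper, not from e107 or the thread).
// Validates an upload by its bytes and never reuses the client's file name.

const ALLOWED_TYPES = [          // MIME type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 5 * 1024 * 1024;   // assumed size limit

function store_uploaded_image(array $file, string $uploadDir): string
{
    // $file is one entry of $_FILES; reject anything PHP did not receive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Detect the type from the file contents. $file['type'] is the
    // Content-Type header sent by the client and is deliberately ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = (string) $finfo->file($file['tmp_name']);
    $ext   = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Not an allowed image type');
    }

    // The file must also parse as an image of that same type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Image could not be parsed');
    }

    // Server-generated name with a single extension: the original name
    // (for example something.php.jpg) never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);              // readable, not executable or world-writable
    return $name;
}
```

A file that passes these checks can still be a valid image with PHP embedded in its metadata, so the upload directory should also be configured so the web server never runs scripts from it.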