So as per the title, my hosting account with Host Department was recently hacked into and infected a few of my web sites. No word on who it was or how they did it, but they infected over 400 files, and dumped over 3000 files on the server. I'm just interested in finding out what exactly was left on my server. I've looked at a few files and they are actually super interesting. I was just wondering if anyone could lend a hand in identifying what the files are for? I've compiled all of the files in a directory on one of my sites. There's also a zipped file in the root directory if you'd like to download them to examine the PHP code. Before going to the link, please read below: Please note that although I see no warnings and haven't incurred any viruses when browsing the files both on the web and on my local hard drive, there's always a risk when viewing possibly malicious files. There's over 3000 (like 6 PHP files, and the rest HTML files). Browse and download these files at your own risk! http://pages.deziine.net/hacked/ Can any of you figure out what the heck these files are, and what they're for?
If it is shared, I would contact the hosting company to see how exactly the person was able to gain access to your site. Find out if your Control Panel or FTP password was compromised, or if there is a security hole in the programming on your site. If the person got in some way not relating to you, the hosting company should know about it. I don't think a person can dump that many files into your web space without evidence of it being in log files - whether your site-specific log files or the server log files.
I'm not looking at how they got it, I'm just wondering what the files are... I mean like they aren't malicious, they are just htm files... why would someone dump HTM files... it seems pretty pointless to me.
For backlinks? Dump a whole bunch of HTML files onto a server, Google indexes them, and that gives a whole bunch of websites a whole bunch of backlinks. Jen
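One way to check the backlink explanation above on an offline copy of the dumped files: tally which external hosts the pages link to, since those hosts are the ones that benefit. This is an added example, not part of the thread; the file names, hosts and function names are constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collects href values from <a> tags (names arrive lowercased)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def external_hosts(html, own_hosts):
    """Return the set of hosts a page links to, excluding own_hosts."""
    parser = _LinkCollector()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        try:
            host = (urlparse(href).hostname or "").lower()
        except ValueError:  # malformed URL in a dumped page
            continue
        if host.startswith("www."):
            host = host[4:]
        if host and host not in own_hosts:
            hosts.add(host)
    return hosts


def backlink_targets(pages, own_hosts):
    """Count, per external host, how many dumped pages link to it."""
    counts = Counter()
    for html in pages.values():
        counts.update(external_hosts(html, own_hosts))
    return counts


# Constructed sample standing in for dumped .htm files (not from the thread).
SAMPLE_PAGES = {
    "a1.htm": '<html><body><a href="http://shop.example.net/x">cheap</a></body></html>',
    "a2.htm": '<a HREF="http://www.shop.example.net/y">deal</a> <a href="/local">home</a>',
    "a3.htm": '<a href="http://other.example.org/">x</a><a href="http://mysite.example/">me</a>',
}

if __name__ == "__main__":
    for host, n in backlink_targets(SAMPLE_PAGES, {"mysite.example"}).most_common():
        print(f"{n:4d} pages link to {host}")
```

A handful of hosts appearing across most of the dumped pages is the pattern the backlink explanation predicts; the text of the files is parsed only, never rendered or executed.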
Do you run some free PHP scripts like a CMS, blog or forum? If yes, make sure that you have upgraded to the latest version. Using old versions may be a security risk.