I have started a small Myspace resource site, but it was hacked within 2 days. I have found the reason for the hack, but I have noticed that most of the folders have been changed to 777. How is that possible? Can anybody change the permissions of files and folders outside of cPanel or FTP? How can I prevent this type of task from being executed?
777 is common for FOLDERS; the important part is FILES. If you know where hackers entered your site, then SECURE your site to prevent any further abuse. Also, if you have folders or entire sub-folder structures that are needed for admin use only, and then only every now and then, you may chmod 000 such paths entirely to shut down such admin paths for hackers. Make sure you truly KNOW where and how hackers entered your site, to make sure you close the right parts of your site. Study the ACCESS_LOG files manually, line by line, to see and analyze the initial steps of the hackers, then secure your SW.
I have done everything at the time it was hacked. The problem was at the image hosting: he uploaded a PHP shell instead of images. But the main thing that confuses me is that all folders had 755 permissions, but then he changed the permissions to 777 on all folders, including the public_html root directory.
Well, depending on the setup, you could just use chmod in PHP to do it. http://php.net/manual/en/function.chmod.php
To execute the script he would have needed the location of the script. Do what you can to mask the location of uploaded data, and save all uploaded data in a place outside of the public_html directory.
1. Never include or require uploaded files.
2. If an install script or configuration script requires you to chmod your files to 777, change them back after the install.
Normally a server is configured with Apache running as its own user and your FTP and SSH accounts running as another, which would prevent PHP from changing file permissions, since it's running as the Apache user.
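An audit for the two conditions discussed in this thread (world-writable paths and PHP hidden among uploaded images), added here as an example and not written by any poster. The function names and the directory layout in the usage comment are assumptions; pass your own paths.

```shell
#!/bin/sh
# Added example: audit a web root for the conditions described in this thread.
# The paths in the usage line are an assumed layout, not taken from the posts.

# List directories and files that any local user (including the web server
# user that runs PHP) may write to, e.g. mode 777 or 666.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# List files in an upload directory that PHP could execute: script
# extensions, or any file (whatever its name) containing a PHP open tag.
scripts_in_uploads() {
    {
        find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \
            -o -iname '*.php[0-9]' -o -iname '*.phar' \) -print
        grep -rlF '<?php' "$1" 2>/dev/null
    } | sort -u
}

# Put a tree back to 755 for directories and 644 for files.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report only; nothing is changed unless reset_perms is called explicitly.
audit() {
    webroot=$1 uploads=$2
    echo "== world-writable under $webroot =="
    world_writable "$webroot"
    echo "== executable content under $uploads =="
    scripts_in_uploads "$uploads"
}

# Usage: sh audit.sh /home/USER/public_html /home/USER/public_html/images
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A hit from `scripts_in_uploads` on a file with an image extension needs manual review before deletion, since the tag match is a plain string search.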
Hello, One can change permissions on folders if they get into your account with your username and password. To avoid such a situation, your password should be very strong. It should have special characters as well as a mixture of letters and numbers. Regards,