Somebody put a sex site in my site. How can I prevent this from happening again

Discussion in 'Security' started by larryweiss, Sep 30, 2008.

  1. #1
    Someone managed to insert some stuff in a subdirectory. The search results went south, and I wondered why. I discovered it when looking over my stats and found that one of the most popular search terms was i.n.c.e.s.t (I don't want to even spell it).

    What is this practice called (so I can search for info)?

    What can I do to prevent this from happening?

    Have I legal recourse (they left a redirect to their site)?

    Is my host at fault here?

    How should I approach the host?

    Does changing my password protect me from them, or do they get in another way?

    Thanks for any help you can offer.
     
    larryweiss, Sep 30, 2008
  2. JustRulz
    #2
    Find these IPs and block all of them :)
     
    JustRulz, Oct 1, 2008
  3. UseShots
    #3
    Hi,

    Most likely either your site account or the whole server is compromised.

    Start the investigation with scanning your own computers for viruses and spyware. This could be a trojan that had stolen your password.

    Then contact your hosting provider and let them know about the issue. At least to let them know that the "adult" content was not added there by you (they can close your account if they find content that violates their ToS). Make sure to ask them to investigate how it got there in the first place. They should be able to log in to your site and check the file modification dates and owners.

    What software (blogs, forums, ecommerce solutions) did you use on your site? Some (older) versions of popular web applications are vulnerable to various types of hacker attacks. Always use the most recent versions.

    When you fix the issue, change all passwords from some secure computer and try to use SFTP instead of FTP.
     
    UseShots, Oct 2, 2008
  4. zebulon
    #4
    Nothing like a good romping time with your cousin or mother...jokes

    If the material/information was uploaded into a directory, test for shells/remote shells. Research c99 to see what I mean. If the material ended up being uploaded through your script, check it for security patches.

    Recourse: Pending or not you can track the individual(s) down to a specific IP or hostname, will depend on your recourse. If you are unable to due to proxies or VPNs used to hide their digital fingerprint, simply install mod_security and start blocking IP and hostnames to those proxies...

    Talk to your provider to inquire if they have any suspicious logs per se, sometimes an attacker will access your account through administrator level on that server.

    Cheers,
     
    zebulon, Oct 2, 2008
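
The checks suggested in replies #3 and #4 (file modification dates and owners, and testing script files for shell code), sketched as an added example that is not part of the original thread. The function names, the seven-day cutoff, the marker patterns and the sample web root are assumptions made for illustration; the sample files are constructed and the encoded string in them is only `echo 1;`.

```python
import os
import re
import tempfile
import time

# Assumed heuristic markers for obfuscated or command-running PHP; not exhaustive.
SHELL_MARKERS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)"
    rb"|(system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST)", re.IGNORECASE)
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".cgi", ".pl"}

def audit_webroot(root, since_epoch, expected_uid):
    """Map relative path -> reasons for each suspicious file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # never follow links out of the web root
            st = os.lstat(path)
            reasons = []
            if st.st_mtime >= since_epoch:
                reasons.append("modified-recently")
            if st.st_uid != expected_uid:
                reasons.append("unexpected-owner")
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                with open(path, "rb") as fh:
                    if SHELL_MARKERS.search(fh.read(1_000_000)):
                        reasons.append("shell-marker")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo(expected_uid=None):
    # Constructed sample: name -> (content, age in days); two old files, one new upload.
    samples = {
        "index.html": (b"<h1>home</h1>", 90),
        "contact.php": (b"<?php echo 'hi'; ?>", 90),
        "img/cache/x.php": (b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>', 0),
    }
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for rel, (body, age_days) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (now - age_days * 86400,) * 2)
        uid = os.getuid() if expected_uid is None else expected_uid
        return audit_webroot(root, now - 7 * 86400, uid)
```

Modification times can be reset by whoever wrote the file, so a clean result from the date check alone does not clear a directory; the owner and content checks are there to cover that case.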