Hi there... I have a shared hosting account set up.. and it seems that a bunch of my shared pages have been compromised. On one site specifically there are about 600 of these - http://www.theyshootpictures.com/blog/wp-content/themes/default/images/pics/?beasfilm=660 that have been created and uploaded to the directory.. as well as inserted as hidden text into the main index.html file. The username and password for this account will not allow me to delete them.. I get this as an error from my FTP program:

[9/11/2008 8:11:59 AM] HTTP/1.1 405 Method Not Allowed
Date: Thu, 11 Sep 2008 12:11:57 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 416
Connection: close
Content-Type: text/html; charset=iso-8859-1
ERROR:> [9/11/2008 8:11:59 AM] HTTP Error.

These files don't even show up in the web provider's 'ftp file manager'.. I'm not sure what to do next... so hopefully someone can help me..
This is not an FTP error. It is an HTTP error. Get yourself a real FTP program (not browser based). If you can't delete files yourself, contact your hoster.
I think there has been some confusion.. I use Cute FTP.. the above was the error message that appeared in the popup box when I tried to delete the bad directories... What I meant to say was.. when I logged in using the web hosting HTTP file manager... the files didn't even show up... I'm not a webpage newbie... just when it comes to getting hacked.. the permission has been turned off for my account via FTP somehow... to remove these files...
From going to the page in your signature there ... it brings up 600 links that are hidden on the page... Hope someone can help... My hosting company said they will delete everything and let me re-upload .. or charge me $75 an hour to go through the code to clean it... :|
So what files are you trying to delete? I assume www.theyshootpictures com is not your server? If Unmask Parasites finds hidden links in your pages, you should remove those links from your own HTML or PHP (or whatever you use) files. If you can't modify your own files, check their permissions and the owner of the files. If they are owned by root, or someone else (not you), then the whole server may have been compromised. And the hoster may be to blame for overlooking the problem.
No... I'm not "they shoot". I have removed the links... and the directory clears out.. It seems they were somehow being generated by the HTML code? I am still unable to do anything via FTP... even if I create a new FTP account.. I still get the same errors. I can't see the owner or permission in the FTP program.. it's like it's read only in the FTP? I was only able to edit the index.html by using the manual HTML file manager via cPanel... This is just one of several sites on my shared hosting account.. and not the main one.. which is what I find to be so odd!
I don't use Cute FTP, but every decent FTP client can show the owner of files and show/change file permissions. Here is a screenshot from FileZilla FTP client: http://useshots.wordpress.com/2008/09/12/file-owner-in-ftp/
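
The owner and permission check suggested in the replies above, as an added example that is not part of the original thread. It assumes shell access with Python 3 on a Unix hosting account (with FTP-only access, the FTP client's owner and permission columns give the same view); `audit_tree` and its parameters are hypothetical names.

```python
import os
import stat
import sys
import time


def audit_tree(root, expected_uid):
    """Walk a web root and return (path, mode, reasons) for every entry that
    is not owned by expected_uid or is writable by group/others."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    findings = []
    for path in sorted(paths):
        st = os.lstat(path)  # lstat: report the link itself, do not follow it
        reasons = []
        if st.st_uid != expected_uid:
            # Files owned by root or another user inside your own web root
            # are the sign the reply above warns about.
            reasons.append("owner uid %d" % st.st_uid)
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if loose and not stat.S_ISLNK(st.st_mode):
            # Other accounts on a shared host could modify this entry.
            reasons.append("group/world writable")
        if reasons:
            findings.append((path, stat.filemode(st.st_mode), reasons))
    return findings


if __name__ == "__main__":
    # Assumption: run as the hosting account user, so os.getuid() is the
    # uid that should own everything under the web root.
    web_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, reasons in audit_tree(web_root, os.getuid()):
        mtime = time.strftime("%Y-%m-%d %H:%M",
                              time.localtime(os.lstat(path).st_mtime))
        print("%s  %s  %s  (%s)" % (mode, mtime, path, "; ".join(reasons)))
```

Entries it reports with a foreign owner are the ones to raise with the hosting provider, since the account itself cannot remove or change them.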