1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Website being hacked

Discussion in 'Security' started by webrookie, Jan 8, 2012.

0
  1. #1
    I have a major problem on my website.
    I had given the contract for my website to a company which further utilised the services of a freelance programmer to make the website. The company and the programmer have fallen out over payment issues and the programmer is now all out to disturb the website. First he resorted to deleting the files which I stopped by disabling the unlink function in php.ini. Now he has deleted the contents of all files.
    I assume that he has put a backdoor entry while creating the website from where he can upload the file with malicious scripts.
    While I am contemplating legal action, I would request help to ensure that the website cannot be disturbed. Any expert help is appreciated.
     
    webrookie, Jan 8, 2012 IP
  2. dgmdan

    dgmdan Peon

    Messages:
    12
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Let me ask you a few things in order to give the best advice:

    Who runs the web server, you, the developer or a third party host? If it's a third party host, you should have all the developer's accounts disabled and change all shared database and other passwords.

    Do you have a backup of the full site? Typically this would be a ZIP file of the site's directory tree, and if your site uses a database, another file for the database dump.

    Who controls the domain name? Is it in your name and email address?
     
    dgmdan, Jan 8, 2012 IP
  3. james080

    james080 Peon

    Messages:
    45
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    If you are the web master of the site, then try to access the server log of the website. From there you can check out who are accessing your website by tracking the ips.
     
    james080, Jan 9, 2012 IP
  4. linux7802

    linux7802 Active Member

    Messages:
    110
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #4
    If you are the server owner first change the server root password and delete all the FTP accounts from the server as well as disable the following php function in the server main php.ini file and do not use the customized php.ini file under any domain hosting account.

    eval()
    preg_replace()
    fwrite()
    passthru()
    file_get_contents()
    shell_exec()
    system()
    fopen()
    readfile()
    glob()
    file()
    popen()
    exec()

    If possible scan the server for rootkit and malware content, hope it will help you.
     
    linux7802, Jan 9, 2012 IP
  5. webrookie

    webrookie Peon

    Messages:
    34
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I have a shared hosting account. I control the domain name and the email ID for it.
    I am going to try and disable all the PHP commands as given out by you. Hopefully this will help. Thanks a ton in advance.
     
    webrookie, Jan 9, 2012 IP
  6. SolidShellSecurity

    SolidShellSecurity Banned

    Messages:
    262
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    45
    #6
    If you think there is a backdoor you will want to run some scans to check for one.
     
    SolidShellSecurity, Jan 10, 2012 IP