I use a CMS for my site so the main page is index.php, but someone somehow created an index.htm file on my server which directed to a blank page which said "Shinchi Memang Cakep". Doing a quick search, they seemed to have hacked a couple sites (mainly simple ones). I have got my site up and running now, but this made me wonder if the hack was just a security loophole in the site. I am really illiterate in this area, but my question is: what can I do to prevent future hacks? Should I still contact my webhost and try to figure out who did it when I have my site up now? Thanks - Ana
I would contact your web hosting provider and let them know what happened and/or the developer of the CMS.
I've contacted the CMS developer, they don't seem to be helpful at all. Which pisses me off since I paid around $140 for it. I'll contact my webhost. Thanks
I really am not sure if it's the script which caused it, or opened a loophole. Scan your PC for any spyware or keyloggers first. It could be a problem with the server as well...
I sincerely doubt it was done with a keylogger. That would be a ridiculous amount of effort just to put an index.html page on his site; more likely they'd be spending his money. Do you use Drupal? Do you have a file called xmlrpc or something similar? Have you checked the webserver logs? Because that will tell you a lot. If they just created a new file, I think they probably used a hole in the CMS. Drupal had one; I found out about it when someone overwrote my index.php. Just restored it, but they came through the xmlrpc script that comes with it. Other CMSs may have similar problems. I also doubt they found a hole in the server itself and were able to gain access; most likely they wouldn't have defaced a page and alerted you to their presence. They probably would have started sharing movies and apps from your server. My guess is that it's very VERY likely it was the CMS or some hole in a script that allowed file creation, perhaps an upload script, or xmlrpc script...
Thanks nddb, it was hacked again today. I found a couple suspicious files and deleted them... have contacted both my CMS developer and my webhost. Hope the issue gets resolved soon... I do think it must have been a CMS issue. I don't use Drupal, I use Subdreamer.
AnaB, did you read this thread? http://www.subdreamer.com/forum/showthread.php?t=7604 If you go to Google and type in "Subdreamer hacking", you'll see a few threads and posts, might help you out.
Yeah, I read that thread a bit too late. I believe my problem was the skin vulnerability... Although I'd patched my custom skin, I hadn't bothered applying the patch to skins that were on the server but not used. Let's see if that fixes the problem (at least it apparently should). Hostgator confirmed it wasn't via FTP...
Sometimes they just google the CMS's name, or whatever is in your footer, and they will find your site. That's how script kiddies hack phpBB. So remove your footer, or any trace that tells hackers what script you're using.
Yeah, I might have to buy the branding-free license soon. Alright... just had time to review my logs. Tons of Asian/Korean/Indonesian traffic to the site isn't usual. Normally, it's not an Asia-targeted website so I don't get traffic from these places at all. Weird thing is they all come from totally weird sites that have nothing to do with the site that was hacked. And they are using the user agent "PycURL/7.15". From reading about the user agent it doesn't seem helpful at all, so I have banned it now. That's the only thing I could be suspicious about.
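Added example, not part of the original thread: one way to do the log review described in the last post, listing every client that did not identify as a browser and the scripts it successfully POSTed to. The log lines, IP addresses and paths are constructed, and the combined log format and the browser-prefix test are assumptions.

```python
import re

# Apache/Nginx "combined" access log format (assumed; adjust to the host's format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IPs, hypothetical paths); not from the thread.
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2008:09:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Firefox/2.0"
203.0.113.7 - - [01/Jan/2008:09:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://unrelated.example/a" "PycURL/7.15"
203.0.113.7 - - [01/Jan/2008:09:02:13 +0000] "POST /skins/unused-skin/example.php HTTP/1.1" 200 312 "http://unrelated.example/a" "PycURL/7.15"
203.0.113.7 - - [01/Jan/2008:09:02:15 +0000] "GET /index.htm HTTP/1.1" 200 48 "-" "PycURL/7.15"
198.51.100.4 - - [01/Jan/2008:09:05:40 +0000] "POST /contact.php HTTP/1.1" 200 900 "http://mysite.example/contact.php" "Mozilla/5.0 (Windows; U) Firefox/2.0"
'''

# Assumption: ordinary visitors send an agent string starting with one of these.
BROWSER_PREFIXES = ("Mozilla/", "Opera/")


def review(log_text):
    """Return {ip: {"agent", "hits", "posts"}} for clients not identifying as a browser."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["agent"].startswith(BROWSER_PREFIXES):
            continue
        entry = findings.setdefault(
            m["ip"], {"agent": m["agent"], "hits": 0, "posts": []}
        )
        entry["hits"] += 1
        # A successful POST from a scripted client points at the script
        # that needs patching or removing (e.g. an unused skin).
        if m["method"] == "POST" and m["status"].startswith("2"):
            entry["posts"].append(m["path"])
    return findings


if __name__ == "__main__":
    for ip, info in review(SAMPLE_LOG).items():
        print(ip, info["agent"], info["hits"], "requests; POST targets:", info["posts"])
```

The User-Agent header is chosen by the client, so the list of POST targets is the durable finding here; the agent string only helps to pick the requests out.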