sigh, hacked again

**james438** · 11-01-2011, 03:23 AM

I just want to vent a little. The fault really is my own for not having better security, but this past month my site was hacked twice. I looked at the scripts they uploaded to my site. They looked to be using some outdated php.

Once the scripts were uploaded they scan the site for any other passwords and email them to some address. I then spent nearly all night changing all of my passwords, which they might have gotten access to, like databases or ftp clients.

Apparently the day I made the changes they uploaded the hacker scripts again, so it looks like I get to change my passwords again. Sigh.

During the life of my site I have increased the security several times, and have learned several things, but it wasn't enough apparently.

This time, to increase security further I beefed up my security password with some unicode, created a fake login page and I now record login attempts as well as many facts about each login attempt whether successful or not.

Maybe this time hackers will have a more difficult time getting in.

**csscoder** · 11-01-2011, 03:40 AM

1- Did you know where is the hack script? Did you check the server logs?
2- Are you sure all your files are not 777
3- Check out the process usage..

**james438** · 11-01-2011, 03:45 AM

how do you check the server logs?

**csscoder** · 11-01-2011, 03:46 AM

Do you have access to the server via ssh?

**james438** · 11-01-2011, 03:48 AM

My knowledge of these matters is sadly limited, which is probably how I got hacked in the first place. I do not think I have access to Secure Shell (SSH), but I could be wrong.

I changed allow_url_fopen from on to off.

**csscoder** · 11-01-2011, 03:50 AM

check out this:
http://www.serverwatch.com/tutorials...-accesslog.htm

http://httpd.apache.org/docs/2.0/mis...rity_tips.html
also try to use some firewall in your server, where is located your website ?

**james438** · 11-01-2011, 03:53 AM

Arizona. The host is GoDaddy.com. website is http://www.animeviews.com in case you have not guessed yet

.

**csscoder** · 11-01-2011, 04:04 AM

uff Godaddy, did you try to contact the customer support and tell them about your issue?

**james438** · 11-01-2011, 04:07 AM

no, but I can do that tomorrow. It is 11:08pm here.

I was thinking that the fault lay primarily with poor security practices on my part. Here is what I was attacked with: http://blog.ericlamb.net/2010/02/the-horrors-of-c99-php/.

**james438** · 11-01-2011, 04:12 AM

I am getting close to gaining access to SSH. I am also reading the articles you sent me.

Thread: sigh, hacked again

Thread Tools

Search Thread

sigh, hacked again

Bookmarks

Bookmarks

Posting Permissions