1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how do i make sure my website is taken over?

Discussion in 'BlackHat Lounge' started by theseodude, Jun 30, 2013.

  1. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    hi
    i posted about this yesterday but wanted to make my question more specific.
    my website is not indexed. it's nowhere to be found. I installed some php script and 5 minutes later, I started getting spam through the contact form on my site. this tell me the script must be responsible for it, which has been deleted from my site, by the way. the weird thing is that I have analytics installed and it did not register any users the day the spam was sent, so I dont understand how they accessed the site without showing up at the analytics.

    now I am kind of paranoid, how can I know that my sites are not taken over by spammers, etc? How can I see all the activity my sites are making? by the way, I dont know if this matters but I have shared hosting with a well known company (not hostgator, but almost as famous)
     
  2. AlexMcMallan

    AlexMcMallan Newbie

    Joined:
    Jun 29, 2013
    Messages:
    4
    Likes Received:
    1
    PHP is a server side script so it's executed on your web server and can do whatever. Basically it can be triggered via cron so you'll won't be able to track any activity checking analytics etc. bcs that's totally different thing.
    Best solution = deleted all the files and start again without using some unknown scripts etc.
     
  3. Kaistar

    Kaistar Power Member

    Joined:
    Jan 9, 2010
    Messages:
    562
    Likes Received:
    333
    The script probably had a backdoor type entry for whoever made/edited the script to use meaning they don't need to access your site, they just send messages through a UI and it sends to everyone with the script installed.

    What was the comment script BTW ?, and was it nulled or downloaded from some dodgy site or from the creator ?
     
  4. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    it was a contact script, I was looking for something that doesn't require page refresh when it sends the message. I already had "fast secure contact form" installed, which is definitely not infected because it's very well known and everybody uses it....anyway, FSCF requires page refresh, I was looking for something that doesn't, I googled "contact form without page refresh" and downloaded and installed a couple of scripts from some website...ever since then, I have been receiving spam through my fast secure contact form. the scripts were not nulled or pirated, they are distributed free by the authors.