
Is that possible at Hosting [Urgent]

Discussion in 'Web Hosting' started by jason2009, Mar 21, 2011.

  1. jason2009

    jason2009 Senior Member

    Joined:
    Apr 23, 2010
    Messages:
    1,005
    Likes Received:
    206
    Occupation:
    Student
    Location:
    Earth
    I think one of my websites has been hacked by someone. In my Hostgator account I have 5 websites in total on the baby plan. If anyone can access one website, is he able to access another domain?
    It is like this: I have 3 domains like
    xxx1.com
    xxx2.com
    xxx3.com
    If any hacker can access xxx1.com (with hosting files), is he able to access xxx3.com & xxx2.com?
    I really need suggestions about that. If he can, how can I prevent him from accessing the other domains?
    Thanks in advance.
     
  2. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    434
    Likes Received:
    239
    Yes, if all the domains are in the same account. You need to find/remove all PHP shells/exploits.
    Sample: your public_html folder
    public_html
    | xxx1.com folder
    | xxx2.com folder
    | xxx3.com folder

    Although he hacked xxx1.com, he can still browse the other domain folders with some PHP shell.
     
    Last edited: Mar 21, 2011
  3. GreyWolf

    GreyWolf Executive VIP Jr. VIP

    Joined:
    Aug 17, 2009
    Messages:
    1,930
    Likes Received:
    5,389
    Gender:
    Male
    Occupation:
    Artist / Craftsman
    Location:
    sitting at my PC
    Yeah if a hacker gets access to your master account then he'll have access to your subaccounts too.

    But are you sure you've been hacked? Or was it just an exploit.
    In other words a hacker will actually gain access to your account with a password, either using a virus on your PC when you logged into your hosting accounts, a phishing site, or even brute force hacking.

    An exploit is from things like a virus on your PC when you log into your accounts, a script that you downloaded with some malware, or even just a plugin or theme script you loaded that has a security vulnerability that lets someone inject code into your websites.
    If you were actually hacked then you need to change your passwords immediately. If it's an exploit then you need to remove the infected files and find where the security vulnerability is.

    If you actually were hacked then you've certainly had viruses and more exploits loaded on your websites. Because of that you always want to deal with both regardless of how you were infected.
    Run some very thorough virus and malware checks on your PC before you log onto your host account again.

    Once you're certain your PC is clean, log into your host account (or if that's going to take too long, use another PC that you know is clean) and change your passwords.

    Depending on the severity of the attack you may be able to search for and remove any injected code. If it's more serious then you might need to actually delete all the files and either reload your site from a backup or rebuild the site from scratch again.

    Once you have that done you still need to check all your scripts to make sure you don't still have any security vulnerabilities allowing the exploits.
    You also need to make sure it isn't caused by a security vulnerability in the setup your hosting company is using. That usually isn't the problem with the larger established hosting companies, but it can happen.

    :cool2:
     
    Last edited: Mar 21, 2011
  4. jason2009

    jason2009 Senior Member

    Thanks for your opinion.

    Thanks. I think it may have happened through a MySQL exploit. My hacked website is in the public_html folder, in a subfolder with my website name. So actually it is not my main root folder. By a database exploit, can he log in to my hosting account? Can he access the root folder from the subfolder? My hosting is HG. I think their security is good.
    Thanks again for your quick answer.
     
  5. bzy39

    bzy39 Regular Member

    Depends on the database. If it's a WP DB, he can create an admin account and put in some PHP shell, then he can access all your folders from the subfolder. He can log in to your host account if the DB password is the same as the hosting/cPanel account.
     
  6. madoctopus

    madoctopus Supreme Member

    Joined:
    Apr 4, 2010
    Messages:
    1,249
    Likes Received:
    3,498
    Occupation:
    Full time IM
    With MySQL injection he can only compromise the database for that MySQL user unless your site allows for XSS and has a file upload capability on some page where he can upload a file and then execute it. So he could do the following.

    Compromise MySQL and get access to your admin page by using SQL injection for credentials. There he has a file upload field on a page and he uploads a PHP file (malicious). He then calls the URL to the file by guessing it or whatever way and that executes the PHP file which could do anything. Just through a MySQL injection this can't be done. Only by exploiting multiple security holes.
     
  7. jason2009

    jason2009 Senior Member

    Thanks again. My DB password and hosting password are not the same. So, can he do that?
    Thanks. I am not clear. If he can access the database and can upload a PHP file (malicious), can he get my hosting info? Or can he go to the main root folder? Or can he only access the subfolder where that website is hosted? Waiting for your answer.
     
  8. bzy39

    bzy39 Regular Member

    He can't get your hosting info, he only gets your username.
    If he uploads malicious code, he can go to the main root folder, or all your account folders like /home/your_account_name/......
     
  9. GreyWolf

    GreyWolf Executive VIP Jr. VIP

    To add to what everyone is saying, in most cases the danger is a downward path.

    If the exploit or hack is at a lower level then it can't gain access to the higher levels. But if the access is to a higher level then it can gain access to all the lower levels.

    An example would be a reseller or unlimited hosting account on a shared server. If a hacker or virus got access to one of the client accounts or sub hosted accounts then it can't access any other accounts. But if it got access to the reseller or master account then it could get access to every account you have.

    Unless of course there's some serious server misconfiguration.
     
    Last edited: Mar 21, 2011
  10. jason2009

    jason2009 Senior Member

    I got my answer, I think.
     
  11. madoctopus

    madoctopus Supreme Member

    Yes he can. If he can upload AND execute a PHP file he has access to all folders under root because that's how hosts are set up. Those other sites are domain addons.

    Instead of worrying what he can do just fix it. Remove the injected code or whatever is the case and change all passwords. And very importantly find out exactly how he got in if possible otherwise he will be in again in 5 minutes.
     
  12. GreyWolf

    GreyWolf Executive VIP Jr. VIP

    Well if the server is configured properly it shouldn't be able to. By properly I mean with security in mind as well as performance. You're right though, security isn't always set up right to prevent that. So it's certainly possible. To find out for sure he'd need to check with his host to make sure how its security settings are configured.

    The more important point you brought up was the same point I made originally. Once you know something happened, start taking immediate action to correct the problem. Change your passwords, check for viruses on your PC and server, remove any injected code, infected files, and anything else suspicious or wrong. Do your best to figure out how access was gained and correct the problem.
     
    Last edited: Mar 22, 2011
  13. madoctopus

    madoctopus Supreme Member

    @GreyWolf What I mean is if he can upload a PHP file he can affect all files on the server for his account (all sites). This can happen with properly secured servers. Hostgator from what I know, just as any other CPanel host uses su-php or something similar. That restricts user1 from affecting files of user2. However, permissions of user1 are on his entire directory. There is one main site that's associated with the hosting account and the others are addon domains. That means the structure is something like:

    Code:
    /public_html/ <- files for main site
    /public_html/addon1/ <- files for addon site #1
    /public_html/addon2/
    ...
    
    That means if he uploads a PHP file at /public_html/addon1/malicious.php then from that script he can affect all files under / directory. If the server allows exec() to run he could do even much worse.
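
    Added example, not part of the original post or of any host's tooling: a triage helper for the layout described above. It groups the main site and each addon folder by owning UID to show which sites share one blast radius, then lists PHP files changed since a given time across all of them. Function names and the sample tree are assumptions made for illustration.

```python
import os, tempfile
from collections import defaultdict

PHP_EXT = (".php", ".phtml", ".php5")

def sites_by_owner(docroot):
    """Map owner UID -> ['.' for the main site, plus each addon folder]."""
    groups = defaultdict(list)
    groups[os.stat(docroot).st_uid].append(".")
    for entry in sorted(os.scandir(docroot), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            groups[entry.stat(follow_symlinks=False).st_uid].append(entry.name)
    return dict(groups)

def blast_radius(docroot, compromised):
    """Other sites owned by the same UID as the compromised one."""
    for sites in sites_by_owner(docroot).values():
        if compromised in sites:
            return [s for s in sites if s != compromised]
    return []

def recent_php(docroot, since_epoch):
    """PHP files in every site under docroot changed at/after since_epoch.
    mtime can be reset by whoever wrote the file, so treat this as a first
    pass, not proof that older files are clean."""
    hits = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(base, name)
            if name.lower().endswith(PHP_EXT) and os.lstat(path).st_mtime >= since_epoch:
                hits.append(os.path.relpath(path, docroot))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample tree mirroring the layout in the post above.
    with tempfile.TemporaryDirectory() as root:
        for site in ("addon1", "addon2"):
            os.mkdir(os.path.join(root, site))
        for rel, mtime in (("index.php", 1000), ("addon2/index.php", 1000),
                           ("addon1/malicious.php", 2000)):
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.utime(path, (mtime, mtime))
        print("shares a UID with addon1:", blast_radius(root, "addon1"))
        print("PHP changed since t=1500:", recent_php(root, 1500))
```

    On a real account, point `docroot` at public_html; a non-empty blast radius means cleanup has to cover every listed site, not only the one that showed symptoms.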
     
  14. dizz

    dizz Elite Member

    Joined:
    May 19, 2009
    Messages:
    2,068
    Likes Received:
    1,775
    Occupation:
    This... AND MORE!! :D
    Location:
    Texas
    We read your posts, thought about replying, but read all the good info that you have gotten, we just can't add to it, LOL.. Grey Wolf's was the best advice I had totally read, he's pretty knowledgeable about this stuff. Good luck getting the asshole off your server!

    Jason and Amanda
     
  15. jason2009

    jason2009 Senior Member

    I totally agree with you. bzy39 & GreyWolf are really awesome. Thanks again for their support. I am trying to find all exploits on my website and remove them. I think it will be hack-free :bubblegum:bubblegum:bubblegum
     
  16. GreyWolf

    GreyWolf Executive VIP Jr. VIP

    Yeah that's a good point madoctopus. Depending on how the additional domains are structured under the user account would make a big difference.

    If the additional domains are all under a single user account then every domain under the same user account would be compromised. If you're setting up addon domains with CPanel then it's about the same as creating subdomains, but with their own unique domain name. When you set up an addon domain in CPanel it actually explains that, so I kind of made an assumption that people know that. I probably shouldn't assume such things, so you're right to point that out. A domain set up as an addon is actually just a folder under the main domain's account. So yeah a malicious code on any of those folders could affect any other folder on that same account.


    I've never bothered with setting up addon domains because I've always had reseller accounts. On reseller accounts you use the web host manager (WHM) to set up the domain and each domain gets its own user account. That's one of the reasons I've always gone with reseller accounts even though I just set up my own domains on them. The client accounts are set up under the reseller account, but they all have their own user account. Same thing goes for VPS or DS, it's better to use the WHM or equivalent to set up separate user accounts for each domain rather than setting up addon domains.

    That's also what I meant about the vulnerability being downward rather than upward. I was talking in terms of user accounts. If a client account is compromised then any folder on that user account is accessible, but there's very little risk to the master account or any other client accounts. If the client account is a reseller account also then anything under the client account is at risk as well. If the reseller account is compromised then every client account under it can be compromised. Even though the accounts are set up with WHM, the client accounts can still be accessed and managed through the master account CPanel. I don't know if an uploaded script could access the client accounts, but a hacker with password access to the reseller account would definitely have access to them.

    Unless there's a serious misconfiguration it would be extremely difficult for user1 or user2 to get access to the other accounts. Of course, I would never say never and there's also a lot more that an actual hacker that gained direct access to an account can do than what can be done with just a malicious script. If someone really is good enough, has enough time, and can find enough vulnerabilities they can eventually do just about anything they want.

    Regardless of what someone can or can't accomplish though, the main thing is to do whatever you can to prevent it. Whenever someone does get attacked they need to deal with the problem quickly, proactively, and aggressively because the bad guys won't waste any time once they get access. :cool2:



    edit-
    The ones that do that stuff are just a bunch of scum anyway. They're the reason hacking got such a bad name. Thanks to the media, when people hear about a hacker they always think of account crackers, malware creators, and other evildoers. :irked:

    Most of the real innovation in the computer industry has always been from hackers writing code that pushes hardware past the limits of its design specs. That's who created the first computer games, built the first hobby computers, created the first modems, video display controllers, etc. Steve Wozniak was even considered a hacker. Basically a hacker is someone that can design hardware or code software with the inspiration of an artist rather than just following instructions on how things should be done. They're the innovators in the computer field. But that's not who the average person thinks of when they hear the term anymore.



    :call2:
     
    Last edited: Mar 23, 2011
  17. wyredwing

    wyredwing Newbie

    Joined:
    Jan 13, 2011
    Messages:
    18
    Likes Received:
    2
    yes it is possible