PHP Server hack...causes???

Discussion in 'Black Hat SEO' started by DebbieSprules, Apr 30, 2009.

  1. DebbieSprules

    DebbieSprules Senior Member

    My PR4 site has been breached 4 times with Chinese coder hacks.

    They add code to my site to:

    1. Change the Google SERPs snippet to read gobbledygook
    2. Disallow my front page from opening or being accessed in any way.

    Naturally both the server company and my developer are befuddled and of course not guilty in any way.

    So that I can bash some ideas at them please share your thinking.

    1/ The site is PHP
    2/ The server is a Linux dedicated server running the site.

    NB - Three weeks ago I had the keystroke virus. It got my PayPal hacked for 7k but did not seem to record any of my other keystrokes.

    Similarly the password for the server has not been used on this machine, but the password to the back end of the site's CMS has been.

    Is it likely that the hacker can place code perhaps in the CMS part of the site and thus this whole thing is my fault?

    Love you

    Note my junior status... (like a little teenage junior cheerleader co-ed)
     
  2. gimme4free

    gimme4free Executive VIP Jr. VIP Premium Member

    What do you host on your site? Is there a login script? If so then does it record access attempts and block login attempts after X failed attempts? Do you have any nulled scripts on the site? Have you put any scripts onto your site from unofficial sources?
     
  3. thaorius

    thaorius Junior Member

    You are pretty much saying "I'm human and I'm ill, what's wrong with me?" You have to provide Apache error and access logs for the hack time; core dumps, if there are any, would also help, as would all your software versions (CMS, Apache, PHP, etc.) and even the configuration in php.ini.
     
  4. 4alllifestyles

    4alllifestyles Junior Member

    Without knowing more specifics, here's what I'd do.

    Create an HTML-only "holding page" and host it at a different location (temporary, use a cheap cheap host).

    Change the DNS to point to the temporary holding site.

    Do a full secure backup of everything on the site.

    Go through every bit of code with no MySQL or PHP turned on. If you don't know how to do this, get someone who does.

    Get all vulnerability lists from the maker of your PHP code, PHP, MySQL, etc. Make sure your code isn't doing something stupid (like register_globals on).

    Have your host completely destroy your old account and set you up a new one. On a different server. Different usernames, passwords, etc. And only on the phone, no email.

    Only when you are certain that your code is completely clean, database data is clean, etc. upload your cleaned code and move on.
     
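A read-only first pass for the "go through every bit of code" and register_globals steps in the post above, as an added example that is not part of the original thread or any poster's code. It assumes the backup has been copied to a local directory and that the suspected time window is known; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
import time

# php.ini: "register_globals = On"; .htaccess: "php_flag register_globals on"
REGISTER_GLOBALS_ON = re.compile(
    r"^\s*(?:php_(?:admin_)?(?:flag|value)\s+)?register_globals\s*=?\s*"
    r"[\"']?(on|1|true|yes)\b", re.IGNORECASE)
CONFIG_NAMES = {"php.ini", ".htaccess"}


def audit_backup(root, window_start, window_end):
    """Read-only pass over a backup: returns (lines enabling register_globals,
    files whose mtime falls inside the suspected window). No PHP is executed."""
    config_hits, changed_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if window_start <= os.path.getmtime(path) <= window_end:
                changed_files.append(rel)
            if name in CONFIG_NAMES:
                with open(path, errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if REGISTER_GLOBALS_ON.match(line):
                            config_hits.append((rel, no, line.strip()))
    return config_hits, sorted(changed_files)


def demo():
    """Build a constructed sample tree (not from the thread) and audit it."""
    root = tempfile.mkdtemp()
    samples = {
        "php.ini": "; register_globals = On\nregister_globals = On\n",
        ".htaccess": "php_flag register_globals on\n",
        "index.php": "<?php echo 'home'; ?>\n",  # only file inside the window
        "old/about.php": "<?php echo 'about'; ?>\n",
    }
    now = time.time()
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        age = 3600 if rel == "index.php" else 90 * 86400
        os.utime(path, (now - age, now - age))
    return audit_backup(root, now - 86400, now)
```

File modification times can be reset by whoever changed the file, so an empty list of changed files does not show the tree is clean.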
  5. DebbieSprules

    DebbieSprules Senior Member

    WOOOOOOOOOW Will do the thanks tomorrow

    Talking to the server peeps and the coders they say it was accessed via an open port or via hacking my password...

    Seems to be fixed but I want to KNOW whose fault it is...

    I will send the code reports shortly xxx