Who knows how the hackers did this?

Discussion in 'Black Hat SEO Tools' started by digitalmaphia, Apr 26, 2008.

  1. digitalmaphia

    digitalmaphia BANNED BANNED

    Hey guys,

    I found a file named httaccess.php in a folder that I didn't put there; it gave access to everything and permissions to everything. How did they get it in there and how can I prevent that?

    I'm curious as to how it got uploaded?

    DM
     
  2. blanko

    blanko BANNED BANNED

    That file usually shows up in the directory when you set up the hosting account.
     
  3. battman323

    battman323 Regular Member

    the .htaccess is the right file

    he's talking about somebody uploaded php sh*t to his hosting

    there are a bizillion ways this could have happened man, contact your hosting and see if they have an access log or some kind of clue
     
  4. boomboomer

    boomboomer Executive VIP

  5. quintessential

    quintessential Newbie

    This is possible if you are using a CMS like Drupal. Often they will troll an IP address looking for old, maybe unused Drupal installations, where there are known vulnerabilities, and use it to upload a search script. This will enable them to browse your directories and upload the htaccess.php script to give them more complete access.

    Check your hosting account, and remove any sites/scripts you are no longer using. Also, whatever script you have been using for CMS, make sure it is updated! You should also talk to your provider; they can help you with IP addresses and such, if you want to block a range or something like that.
     
  6. portillo

    portillo Junior Member

    Could be much more than just Drupal. If you are using cPanel or WHM there are vulnerabilities there. It may be your password, it could have been brute-forced but that's less likely. Check your directory for any file with 777 permissions. Or if you are using a template there are a ton of other vulnerabilities.
     
  7. digitalmaphia

    digitalmaphia BANNED BANNED

    I believe it had something to do with having 777 file permissions being exploited, it's sorted now and hopefully they didn't leave another backdoor as I have multiple domains under one server.

    Thanks.

    DM
     
  8. blackhatcatz

    blackhatcatz Power Member

    Yes, putting your folders in 777 usually creates this problem
     
  9. mj10pop

    mj10pop Registered Member

    permissions, scripts, telnets, exploits
    there are many ways a hacker can gain access
    damn those hackers, one of my websites was hacked by a Turkish hacker due to the wrong permission to image folder lol
     
  10. Hardmaster

    Hardmaster BANNED BANNED

    you must check all domains now, hackers may leave webshells there
     
  11. bluey

    bluey Registered Member Premium Member

    What are webshells?

    I had a case where a hacker went in and screwed my entire database up and I lost 16,000 subscribers that took me weeks to recover as they got in the mailing system and sent out all sorts of cra*.

    There are quite a few vulnerabilities in WordPress as well I believe?
     
  12. razohad

    razohad Power Member

    I had two WordPress blogs hacked and I'm done with that.

    So contact your host, they must have a connection log, and
    see how that happened.

    Your host is your answer.
     
  13. Hardmaster

    Hardmaster BANNED BANNED

    Backdoor, php file disguised as part of your scripts.
     
  14. samloron

    samloron Junior Member

    You probably were a victim of some kiddy's wild RFI vuln scan... "patch your system".