Who knows how the hackers did this?

Discussion in 'Black Hat SEO Tools' started by digitalmaphia, Apr 26, 2008.

  1. digitalmaphia

    digitalmaphia BANNED BANNED

    Hey guys,

    I found a file named httaccess.php in a folder that I didn't put there; it gave access to everything and permissions to everything. How did they get it in there, and how can I prevent that?

    I'm curious as to how it got uploaded?

    DM
     
  2. blanko

    blanko Power Member

    That file usually shows up in the directory when you set up the hosting account.
     
  3. battman323

    battman323 Regular Member

    The .htaccess is the right file.

    He's talking about somebody who uploaded php sh*t to his hosting.

    There are a bizillion ways this could have happened man, contact your hosting and see if they have an access log or some kind of clue.
     
  4. boomboomer

    boomboomer Executive VIP

  5. quintessential

    quintessential Newbie

    This is possible if you are using a CMS like Drupal. Often they will troll an IP address looking for old, maybe unused Drupal installations, where there are known vulnerabilities, and use it to upload a search script. This will enable them to browse your directories and upload the htaccess.php script to give them more complete access.

    Check your hosting account, and remove any sites/scripts you are no longer using. Also, whatever script you have been using for CMS, make sure it is updated! You should also talk to your provider; they can help you with IP addresses and such, if you want to block a range or something like that.
     
  6. portillo

    portillo Junior Member

    Could be much more than just Drupal. If you are using cPanel or WHM there are vulnerabilities there. It may be your password, it could have been brute-forced but that's less likely. Check your directory for any file with 777 permissions. Or if you are using a template there are a ton of other vulnerabilities.
     
  7. digitalmaphia

    digitalmaphia BANNED BANNED

    I believe it had something to do with having 777 file permissions being exploited, it's sorted now and hopefully they didn't leave another backdoor as I have multiple domains under one server.

    Thanks.

    DM
     
  8. blackhatcatz

    blackhatcatz Power Member

    Yes, putting your folders in 777 usually creates this problem.
     
  9. mj10pop

    mj10pop Registered Member

    Permissions, scripts, telnets, exploits.
    There are many ways a hacker can gain access.
    Damn those hackers, one of my websites was hacked by a Turkish hacker due to the wrong permission on the image folder lol
     
  10. Hardmaster

    Hardmaster BANNED BANNED

    You must check all domains now, hackers may leave webshells there.
     
  11. bluey

    bluey Registered Member Premium Member

    What are webshells?

    I had a case where a hacker went in and screwed my entire database up and I lost 16,000 subscribers that took me weeks to recover, as they got into the mailing system and sent out all sorts of cra*.

    There are quite a few vulnerabilities in WordPress as well I believe?
     
  12. razohad

    razohad Jr. VIP Jr. VIP Premium Member

    I had two WordPress blogs hacked and I'm done with that.

    So contact your host, they must have a connection log, and see how that happened.

    Your host is your answer.
     
  13. Hardmaster

    Hardmaster BANNED BANNED

    Backdoor, php file disguised as part of your scripts.
     
  14. samloron

    samloron Junior Member

    You probably were a victim of some kiddy's wild RFI vuln scan... "patch your system".
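
The checks suggested in this thread (look for anything with 777 permissions, then check every domain for leftover webshells), as an added example that is not part of the original thread: a shell audit run over one or more document roots. The function names, the paths you pass in and the 7-day window are assumptions; `-maxdepth` assumes GNU or BSD `find`.

```shell
#!/bin/sh
# Added example: audit web roots for the conditions discussed in the thread.
# Function names and the default 7-day window are assumptions.

# Files and directories with all rwx bits set for user, group and other
# (777, also 1777/2777). Symlinks are skipped: they always report 777.
find_mode_777() {
    find "$1" \( -type f -o -type d \) -perm -0777 -print
}

# PHP files sitting directly inside world-writable directories, e.g. an
# image or upload folder that should never contain executable scripts.
find_php_in_writable_dirs() {
    find "$1" -type d -perm -0002 \
        -exec find {} -maxdepth 1 -type f -name '*.php' -print \;
}

# PHP files modified within the last N days; compare the list against
# what you actually deployed to spot files "disguised as your scripts".
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" -print
}

# Run all three checks against one document root and label the output.
audit_webroot() {
    root=$1
    days=${2:-7}
    echo "== $root: entries with mode 777"
    find_mode_777 "$root"
    echo "== $root: PHP files in world-writable directories"
    find_php_in_writable_dirs "$root"
    echo "== $root: PHP files changed in the last $days days"
    find_recent_php "$root" "$days"
}

# With several domains on one server, pass every document root:
#   sh audit.sh /path/to/site-a /path/to/site-b
for root in "$@"; do
    audit_webroot "$root"
done
```

Anything the second check prints deserves a manual look before deletion, and the same roots should be re-audited after permissions are tightened.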