1
svaha
Hacked
  • 2007/2/27 14:33

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


The site of a friend of mine was hacked by placing an index.html file in the root.
Because html has a higher priority than php, visitors see this hacked html file instead of the index.php.
I suggested that he replace this hacked html file with his own html file containing a redirection to index.php.

Do you have other suggestions?

2
seventhseal
Re: Hacked

How would that help?

The real question is, how is the index.html file getting placed in root? And I am assuming the root of the site, not the root of the server. That's a security issue, not a XOOPS issue. I would recommend a few debugging things...

1. If you can't plug the "copy to root" hole, then I would turn off any uploads until you can get the site in a chrooted environment. Also, make sure ssh or telnet is turned off.

2. Look at your log files - access.log and errors.log - to determine what they are doing when the index.html is copied up. What URL, etc. is getting used.

3. If you are an Apache site, and have control of the server, then install mod_security to Apache. If you are in a shared environment, talk to your provider about what security switches can be turned on at the Apache level.

4. Take an inventory of the mods you are using, make sure they are the recent versions, and not something old that may have a known vulnerability.

Bottom line, even if you copy a stub index.html file up there, my question would be, what prevents the upload and replacement of that file? Not knowing the settings of this particular server makes it difficult to answer, and really only with the generic obvious stuff...
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design
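
The log review suggested in point 2 of the reply above, as an added example that is not part of the original post: it lists write-type requests (POST/PUT) logged within a few minutes of the planted index.html's modification time, then every request from the same client addresses. The log lines, paths and addresses are constructed samples in Apache "combined" format, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [27/Feb/2007:13:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Feb/2007:14:29:40 +0000] "GET /modules/example/upload.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Feb/2007:14:30:02 +0000] "POST /modules/example/upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Feb/2007:14:30:05 +0000] "GET /index.html HTTP/1.1" 200 930 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Feb/2007:16:45:00 +0000] "POST /user.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
WRITE_METHODS = {"POST", "PUT"}

def parse(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def suspects(log_text, planted_at, window_minutes=10):
    """Return (write requests near planted_at, all requests from those IPs)."""
    window = timedelta(minutes=window_minutes)
    records = [r for r in map(parse, log_text.splitlines()) if r]
    writes = [r for r in records
              if r["method"] in WRITE_METHODS
              and abs(r["ts"] - planted_at) <= window]
    ips = {r["ip"] for r in writes}
    trail = [r for r in records if r["ip"] in ips]
    return writes, trail

if __name__ == "__main__":
    # On a live site, take this from the file itself, e.g.
    # datetime.fromtimestamp(os.stat("index.html").st_mtime, timezone.utc)
    planted = datetime.strptime("27/Feb/2007:14:30:03 +0000", TS_FMT)
    writes, trail = suspects(SAMPLE_LOG, planted)
    for r in writes:
        print("write near mtime:", r["ip"], r["method"], r["path"], r["status"])
    for r in trail:
        print("trail:", r["ts"].isoformat(), r["ip"], r["method"], r["path"])
```

If no write request shows up near the modification time, the file probably arrived through a channel the web server does not log, such as FTP or the hosting control panel, so check those logs as well. The modification time itself can be altered by whoever placed the file, so widen the window if the first pass finds nothing.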

3
svaha
Re: Hacked
  • 2007/3/23 15:37

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


Thanks for your reply, still looking into this.

4
aamjad2001
Re: Hacked
  • 2007/3/23 19:06

  • aamjad2001

  • Just popping in

  • Posts: 64

  • Since: 2006/6/20


So can your friend still access his cPanel or not? If someone can place an html file in his account, that someone would then also be able to delete any from it.

5
wizanda
Re: Hacked
  • 2007/3/23 20:47

  • wizanda

  • Home away from home

  • Posts: 1585

  • Since: 2004/3/21


Also, please make sure index.php of the root is chmod 444 so it is only readable; no one ever needs to write to it... that should be included with the instructions, as I found I needed to.

6
svaha
Re: Hacked
  • 2007/3/25 18:48

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


Yes, I do this on all of my sites, but if someone manages to get an index.html file on your site, then the 444 of your index.php is of no use.
