Hacked (and not a PHP script hack)

  • conard
    Junior Member
    • May 2004
    • 12

    #1

    Hacked (and not a PHP script hack)

    A site I host (clawhon.com) keeps getting hacked. They are not using any PHP scripts from what they say. In the root level (www) "a.exe" and "i.html" keep popping up even though they delete them daily. The files look like they are spyware and their unique visitors that are accessing these files are 200,000+.

    Please help!
  • Jonathan
    Senior Member
    • Mar 2004
    • 1229

    #2
    If you have a recent copy of your site, I'd say delete EVERYTHING,
    reset the password in WHM, and then upload each file after you've checked it manually.

    Make sure there are no hidden backdoors. Besides that, that's the only thing I can think of.
    "How can someone be so distracted yet so focused?"
    - C


    • Buddha
      Senior Member
      • Mar 2004
      • 825

      #3
      [edit]Yeah ... what Jonathan said!

      Looks like your site was Flash-based? Your Flash site didn't need any backend access to a database or anything? If you don't think it was a script exploit then the other possibilities are (in order of likelihood):

      1. Someone else you gave access to?
      2. Home computer compromised?
      3. Server compromised?

      First, start at home: make sure your computer isn't compromised and then change your account passwords, revoking all other user access in the process. If the server was compromised you wouldn't be the only one affected ... so check WHT.
      "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha


      • thinkliberty
        Junior Member
        • Dec 2004
        • 10

        #4
        Did you look at the access logs to make sure that it's not a script?


        • Pedja
          Senior Member
          • Mar 2004
          • 329

          #5
          Send a trouble ticket to support and ask them to investigate who accessed the site, and when, in the period you know it was hacked. That info could lead to the attacker and the means he used to attack you.
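
An added example, not part of any post in this thread: one way to act on the access-log suggestions in posts #4 and #5. Because the files are deleted daily, requests for them return 404 until they are dropped again, so the gap between the last 404 and the next 200 bounds when each file came back. The log lines, IP addresses and `/form.php` are constructed, and the Apache "combined" log format is an assumption.

```python
import re
from datetime import datetime

# Assumed Apache "combined" format: ip - user [time] "METHOD path proto" status ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
DROPPED = ("/a.exe", "/i.html")  # file names from the first post

# Constructed sample log; addresses are documentation ranges, /form.php is hypothetical.
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2005:09:00:01 -0500] "GET /a.exe HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.9 - - [12/Jan/2005:09:14:30 -0500] "POST /form.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [12/Jan/2005:09:20:45 -0500] "GET /a.exe HTTP/1.1" 200 40960 "-" "-"',
    '198.51.100.8 - - [12/Jan/2005:10:00:00 -0500] "GET /i.html HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.8 - - [12/Jan/2005:10:30:00 -0500] "GET /i.html HTTP/1.1" 200 900 "-" "-"',
]

def parse(lines):
    """Yield (time, ip, method, path, status) for every line that matches LINE."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when, ip, method, path.split("?")[0], int(status)

def reappearance_windows(lines, dropped=DROPPED):
    """For each dropped file, find every (last 404, first 200) pair: the file
    came back somewhere inside that window. Return each window together with
    the successful POST/PUT requests that fall inside it."""
    events = sorted(parse(lines))
    findings = []
    for name in dropped:
        last_missing = None
        for when, ip, method, path, status in events:
            if path != name:
                continue
            if status == 404:
                last_missing = when
            elif status == 200 and last_missing is not None:
                writes = [(w, i, m, p) for w, i, m, p, s in events
                          if last_missing <= w <= when
                          and m in ("POST", "PUT") and s < 400]
                findings.append((name, last_missing, when, writes))
                last_missing = None
    return findings

if __name__ == "__main__":
    for name, gone, back, writes in reappearance_windows(SAMPLE):
        print(name, "returned between", gone, "and", back, "- HTTP writes:", writes)
```

An empty write list for a window points away from a web script and toward FTP or control-panel logins for that same period.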


          • Jonathan
            Senior Member
            • Mar 2004
            • 1229

            #6
            Originally posted by Buddha
            [edit]Yeah ... what Jonathan said!
            Can you repeat that?

            Originally posted by Pedja
            Send a trouble ticket to support and ask them to investigate who accessed the site, and when, in the period you know it was hacked. That info could lead to the attacker and the means he used to attack you.
            Wow, support does that? Is it free/paid?
            Dathorn keeps getting better and better.
            "How can someone be so distracted yet so focused?"
            - C


            • Pedja
              Senior Member
              • Mar 2004
              • 329

              #7
              Originally posted by Jonathan
              Wow, support does that? Is it free/paid?
              Once I had a suspicion that an account was compromised, I asked them for help and they did help. They looked up for me which IPs were used to access that account. No one mentioned payment.


              • Jonathan
                Senior Member
                • Mar 2004
                • 1229

                #8
                Nice
                "How can someone be so distracted yet so focused?"
                - C
