Site hack (non-php)

  • conard
    Junior Member
    • May 2004
    • 12

    Site hack (non-php)

    I've had 2 different accounts (under my root account) hacked (one hacked twice)! Both sites are not PHP or MySQL. Just simple HTML. Looks like the files are ad-ware or something. ihtml, a.exe, etc. that are called from other sites. Anyone else experience this and is anything being done about it?

    Thanks,
    Steve
  • Andy
    Senior Member
    • Mar 2004
    • 257

    #2
    Where are these files located?
    Andy

    • ChrisTech
      Senior Member
      • Mar 2004
      • 530

      #3
      You should submit a trouble ticket asap so Andrew or his techs can find the issue and clear it up.
      Hosting at Dathorn since March 2003!

      My Interwebs speed on Charter Cable!

      • conard
        Junior Member
        • May 2004
        • 12

        #4
        The files have been removed by the client. They were located in the "www" directory. If I can get a list of files then I'll submit them in a trouble ticket. Also, client's bandwidth usage went from ~100MB/month to 2GB/month (account limit).

        Thanks,
        Steve

        • sdjl
          Senior Member
          • Mar 2004
          • 502

          #5
          Sounds like your customer isn't being careful with his/her password.
          Get them to check their own PC for spyware or other nasty stuff that could be logging keystrokes and similar.

          David

          p.s. I'm not sure how this relates to the "Script security" thread if it isn't directly linked to a script of some sort..
          -----
          Do you fear the obsolescence of the metanarrative apparatus of legitimation?

          • conard
            Junior Member
            • May 2004
            • 12

            #6
            That's possible. But it happened to two different clients.

            • sdjl
              Senior Member
              • Mar 2004
              • 502

              #7
              Maybe they're as bad as one another
              Alternatively they could have scripts on their accounts that they don't realise.

              David
              -----
              Do you fear the obsolescence of the metanarrative apparatus of legitimation?

              • Jonathan
                Senior Member
                • Mar 2004
                • 1229

                #8
                Since this is not exactly script-related, I'm moving it to General Support.
                My personal opinion is this:

                1. Have them each update/get a good anti-virus + Ad-Aware (good program).
                2. If they do not have a firewall, turn on XP's (or get ZoneAlarm [good simple firewall]).
                3. Have them each scan their PCs with both.
                4. Change their passwords via cPanel, or you can via WHM (AFTER you clean YOUR PC).
                5. Delete ALL files and reupload backups of some sort; alternatively, see #6.
                6. If no backups, download each file and check it by hand and scan it before reuploading.
                "How can someone be so distracted yet so focused?"
                - C
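
Added example, not part of the original thread: a read-only comparison of a live web root against a known-good backup, one way to narrow down the by-hand check in step 6 of the post above without changing anything on the account. The function names, directory names and sample files (built in a temporary directory) are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest. Read-only."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(live_root, backup_root):
    """Report files added to, changed in, or missing from the live copy."""
    live, good = hash_tree(live_root), hash_tree(backup_root)
    return {
        "added": sorted(set(live) - set(good)),
        "modified": sorted(p for p in live.keys() & good.keys() if live[p] != good[p]),
        "missing": sorted(set(good) - set(live)),
    }

def demo():
    """Constructed sample: a two-page backup and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "www")
        for root in (backup, live):
            os.makedirs(os.path.join(root, "img"))
        pages = {"index.html": b"<html>home</html>", "img/about.html": b"<html>about</html>"}
        for rel, body in pages.items():
            for root in (backup, live):
                with open(os.path.join(root, rel), "wb") as fh:
                    fh.write(body)
        # Constructed tampering: one dropped file and one altered page.
        with open(os.path.join(live, "a.exe"), "wb") as fh:
            fh.write(b"constructed placeholder bytes")
        with open(os.path.join(live, "index.html"), "ab") as fh:
            fh.write(b"<!-- constructed change -->")
        return compare_trees(live, backup)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported as added or modified are the ones to inspect and scan first; unchanged files still match the backup byte for byte.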

                • AndrewT
                  Administrator
                  • Mar 2004
                  • 3653

                  #9
                  No one here can tell you what happened exactly with any sort of certainty. We can look into it if you submit a trouble ticket but if anything has been changed since it happened the usefulness of information available will be limited.

                  • conard
                    Junior Member
                    • May 2004
                    • 12

                    #10
                    Thanks guys! I'll keep my eye out and if it happens again I'll provide a detailed file list and description in a trouble ticket.

                    Thanks,
                    Steve

                    • AndrewT
                      Administrator
                      • Mar 2004
                      • 3653

                      #11
                      A file list alone does not help all that much, you would need to submit a ticket with the account username and not touch anything until we've gone over it.
