
PHP Server Side Scripting Forum

    
Recent PHP Hack
Need help
SparkedOut




msg:4106100
 8:02 pm on Mar 28, 2010 (gmt 0)

I have recently been hacked by a PHP hack. This was not justified, and instead of a small alt or something annoying he DELETED everything on my server account. I am looking for help to secure my site, and should he or his friends try this again they receive a returning virus a reverse hack (is this possible!). I am a small business and for some time now have been unable to work through my site.
Please help.

 

WesleyC




msg:4106112
 8:42 pm on Mar 28, 2010 (gmt 0)

A "reverse hack" or virus won't work. There's no feasible way to make anything of that nature function at all.

Your best bet is to change every single password on the account, contact the hosting provider and ask them to completely wipe your account and recreate it, databases and all (if the hacker(s) deleted everything anyway, this can't do you any harm, and it may remove any trojans left by the intrusion), then restore your site from backups. If you don't have recent backups, ask the hosting provider if they have any--but don't rely on them having recent backups, as they aren't obligated to do so.

You should be taking regular backups of your site anyway--if you don't know how, that can be answered by numerous other threads on this site. Regular backups are crucial to preventing information loss.

Also, try to figure out how the hacker attacked your system. Was it through PHP vulnerabilities? Did the attacker compromise your hosting account? Did someone brute-force your FTP login information? Did someone slip a trojan onto your computer that sniffs FTP logins? Depending on the type of intrusion, your response may be to fix your code, change hosting providers, and set up a login lockout on your FTP accounts (or switch to SFTP).

Another thing to check is your password strength. Good passwords should prevent many hacks. In general, wherever possible I actually use a passphrase--an entire sentence, rather than a single word. My average passphrase length is about 40 characters, contains non-dictionary words, numbers, upper/lowercase letters, and symbols. It takes a few seconds longer to type each time you need to enter it, but a good password manager can save you even this minor hassle--and anyone attempting to brute-force your password will have to spend several years doing so. :)

StoutFiles




msg:4106118
 8:53 pm on Mar 28, 2010 (gmt 0)

should he or his friends try this again they receive a returning virus a reverse hack


Hahaha.

jatar_k




msg:4106958
 12:57 pm on Mar 30, 2010 (gmt 0)

Welcome to WebmasterWorld SparkedOut,

You should keep all software up to date so as to plug any known vulnerabilities. If software you use is very out of date then maybe upgrading to an active software may help.

Forms are also a common point of entry, but just keeping an active software up to date would help there.

Any unused accounts (ftp/shell/other) that might be hanging around should be removed.

File permissions as 777 or world writable should be stopped as another common hole.

Though it is infuriating (I've been dealing with it in one form or another for 10 years), it is normal and a commonly overlooked fact of doing business on the web. Even if it was possible to reverse hack them, that would be illegal and is not advisable.
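
An added example, not part of the post above: one way to audit a web root for the 777 / world-writable permissions it mentions, then clear only the world-write bit. The function names and the command-line usage are assumptions made for this sketch; run it against your own document root.

```shell
#!/usr/bin/env bash
# Added example: find and fix world-writable files under a web root.
# Function names are hypothetical; nothing here comes from the thread itself.

# Print every file or directory under $1 that any local user may write to.
# Symlinks are skipped: their own mode bits are not what the kernel checks.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Number of world-writable entries under $1 (0 means nothing to fix).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the "other" write bit (777 -> 775, 666 -> 664).
# Owner and group bits are left alone so the site keeps working.
tighten_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w -- {} +
}

# Usage: audit.sh /path/to/webroot          (report only)
#        audit.sh /path/to/webroot --fix    (report, then fix)
if [ "$#" -gt 0 ]; then
    root=$1
    echo "World-writable entries under $root: $(count_world_writable "$root")"
    list_world_writable "$root"
    if [ "${2:-}" = "--fix" ]; then
        tighten_world_writable "$root"
        echo "Remaining after fix: $(count_world_writable "$root")"
    fi
fi
```

On shared hosting, group-writable files can still be exposed if other customers share your group, so review the remaining 775/664 entries as well.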

dreamcatcher




msg:4107426
 7:01 am on Mar 31, 2010 (gmt 0)

If you are running on a shared server, are you sure the problem didn't arise from someone else's site? For max security you should get a dedicated box and tighten it up as much as possible.

dc

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved