homepage Welcome to WebmasterWorld Guest from 23.20.77.156
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
spamming using my site
spam redirect
fraudcop




msg:3868862
 3:11 pm on Mar 12, 2009 (gmt 0)


I was shocked to find out today , after a spam compaint by another site , that I had a directory inside my site containing 1850 files each one redirecting somewhere else.

Since my file has never been hacked - as far as I now -- I'm wondering who could have inserted this huge directory into my site and How can I prevent this happening again.

Any idea would been really appreciated

thanks

 

janharders




msg:3868877
 3:37 pm on Mar 12, 2009 (gmt 0)

>Since my file has never been hacked - as far as I now

now you know ;)

The most common attacks are via some buggy script on your site or via the server your site is hosted on (if it's a shared server). Quite a few hosting companys run unsecure php-configurations that allow local attackers to put files and, thus, code into your directory.

To prevent: check where it came from. was it a buggy script on your site? was it a local attack on the server? If you're on a dedicated server, chances are the whole system is taken over, in that case: backup your stuff and have someone reinstall the server from crash. then, carefully add your stuff again, checking that you don't just put "infected" code back up.
You can always get yourself a programmer to analyze the problem and audit your scripts. And you might want to look into switching hosts if it turns out to be a security problem at your provider...

fraudcop




msg:3868888
 4:05 pm on Mar 12, 2009 (gmt 0)

janharder,

thanks for your answer

It is my server hosted at [snip]

it seems the directory was installed yesterday inside another directory, so may be it is someone that knows the site more than a server problem, may be someone that worked on it.

it was installed inside a directory

[edited by: phranque at 6:52 am (utc) on Mar. 13, 2009]
[edit reason] hosting specifics [/edit]

MatthewHSE




msg:3868915
 4:57 pm on Mar 12, 2009 (gmt 0)

You say the spam directory was installed inside another directory...what was that other directory holding?

My guess is that the new directory was placed in the same directory that held whatever vulnerable script it was that they exploited.

fraudcop




msg:3868946
 5:37 pm on Mar 12, 2009 (gmt 0)

matthew,
the directory didn't contain any script but only other directories containing images files and one htm file each.

janharders




msg:3868981
 6:39 pm on Mar 12, 2009 (gmt 0)

Do you have access to raw apache log files? How about ftp transfer logs? Those would be my first choices, look through them around the time the files were created. If you cannot access them, ask your provider - they should be interested in working with you on this, it might well be a problem on their server.

what do you mean "someone who worked on it"? do other people work on the site besides yourself? have you checked with all of them, maybe someone transfered the wrong directory. do you trust all of them?

wheelie34




msg:3868989
 6:49 pm on Mar 12, 2009 (gmt 0)

The first thing you should do is change ALL passwords, then investigate.

JS_Harris




msg:3871306
 11:19 am on Mar 16, 2009 (gmt 0)

Agree with wheelie34, lock it down and disable the email function, since that's spamming right now, until you resolve this.

Change your login password as well as your database password immediately, you may need to update the config file with the new information afterwards.

The hardest part will be finding the weakness, update everything the site uses to the latest version for starters.

phranque




msg:3871761
 10:56 pm on Mar 16, 2009 (gmt 0)

this thread may have some useful information for you:
How Hacked Servers Can Hurt Your Traffic [webmasterworld.com]

fraudcop




msg:3871824
 12:26 am on Mar 17, 2009 (gmt 0)

thanks all for the great advice

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved