Hacked!

All index files throughout site replaced

surfgatinho

9:49 am on Aug 17, 2005 (gmt 0)


I run a website that is hosted by someone else. The site is a PostNuke site but I think it is the server that has been compromised.
Yesterday the site was hacked and the index.php file in the root directory was replaced. I fixed it and changed a few file permissions. Today, however, every single index file on the site has been replaced - obviously with a script, as there are quite a lot.

From what I know about permissions and security you would need pretty good access to do this, i.e. shell or equivalent for that account.

Could anybody confirm what kind of compromise would be required to gain this level of access?

Thanks in advance,
Chris

dcrombie

9:55 am on Aug 17, 2005 (gmt 0)



I would check your content management system and make sure it's the latest version and fully patched. The problem with using packages such as PostNuke, PHPBB, etc. is that when an exploit is discovered, EVERY website using it becomes vulnerable.

Start here [news.postnuke.com]

;)

surfgatinho

10:05 am on Aug 17, 2005 (gmt 0)


Thanks dcrombie
Can't really upgrade to the latest version as it has been extensively customised and would be a nightmare.

What I really need to know right now is whether the current security problem is possible through PostNuke or the level of compromise requires account admin privileges on the server.

trillianjedi

10:16 am on Aug 17, 2005 (gmt 0)


Absolutely possible through PostNuke, or a forum (pnPHPBB2 perhaps?).

"Can't really upgrade to the latest version as it has been extensively customised and would be a nightmare."

Then you're completely stuffed. Seriously, stuffed. You must upgrade at least the function etc scripts. Do it manually if necessary - with each major update there is usually a step by step guide of changes. You must do it - there is no excuse for not doing it!

TJ

surfgatinho

10:39 am on Aug 17, 2005 (gmt 0)


Removed pnPHPBB2 a while back. But yes I guess I could upgrade really, if the client was a paying client(!)

So any suggestions how such a compromise could happen?

trillianjedi

11:06 am on Aug 17, 2005 (gmt 0)


The compromise can happen in a number of ways.

Could be a buffer overflow exploit on Apache. Could be that they took advantage of a security hole on a PN script.

You need to have a look through your logs to find out.

TJ
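
One way to do the log review suggested above, as an added example that is not part of the original thread: take the modification time of the replaced index files and list the successful requests to PHP scripts in the minutes before it. The log lines, addresses, paths and timestamp are constructed sample data, and the Apache common/combined log format is an assumption.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "METHOD url proto" status size
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, ts, method, url, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"host": host, "time": when, "method": method,
            "url": url, "status": int(status)}

def requests_before_change(log_lines, changed_at, window_minutes=15):
    """Successful requests to .php scripts in the window before the files changed."""
    start = changed_at - timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None or not (start <= rec["time"] <= changed_at):
            continue
        path = rec["url"].split("?", 1)[0]
        if path.endswith(".php") and rec["status"] < 400:
            hits.append(rec)
    # POSTs first, then requests with a query string, then the rest (stable sort)
    hits.sort(key=lambda r: (r["method"] != "POST", "?" not in r["url"]))
    return hits

def hosts_by_volume(hits):
    """Client addresses ranked by how many in-window requests they made."""
    return Counter(r["host"] for r in hits).most_common()

# Constructed sample data (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2005:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Aug/2005:08:40:03 +0000] "GET /example.php?id=1 HTTP/1.1" 200 812',
    '198.51.100.7 - - [17/Aug/2005:08:41:30 +0000] "POST /example.php HTTP/1.1" 200 97',
    '192.0.2.10 - - [17/Aug/2005:08:42:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 2048',
    '198.51.100.7 - - [17/Aug/2005:08:43:10 +0000] "GET /missing.php HTTP/1.1" 404 210',
    'garbled line that does not parse',
]
# Assumed modification time of the replaced index files (e.g. from os.path.getmtime).
CHANGED_AT = datetime.strptime("17/Aug/2005:08:45:00 +0000", "%d/%b/%Y:%H:%M:%S %z")

if __name__ == "__main__":
    for r in requests_before_change(SAMPLE_LOG, CHANGED_AT):
        print(r["time"].isoformat(), r["host"], r["method"], r["url"], r["status"])
```

If the window around the change shows no web requests at all, the files were probably not changed through the web application, and the FTP or shell login records for the account are the next place to look. File modification times can be altered, so treat them as a starting point for the search window rather than proof.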