Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
[edited by: oilman at 9:46 pm (utc) on July 29, 2004]
[edit reason] no specifics please [/edit]
Did you write any scripts on the site? If so, you probably overlooked something and left a security hole(s).
You mentioned it is an ecommerce site - are you using a ecommerce solution from another company (Miva Merchant , oscommerce, etc...)? If so, they are not hack-proof either. In fact, because they are so popular/well known - it is easier for security holes to be found in them!
It is possible for someone to write & delete files using port 80(http). I've seen it and experienced it - and is usually a security hole due to bad coding.
At $140/mo you probably are not behind a firewall. but even then, sites can still get hacked through common ports like 80, 443, etc.
In a nutshell - moving hosts may not be the issue. You should concentrate on finding out exactly how they did what they did. Look through your logs (web logs, messages logs, etc.) You need to find how they did it so you can fix the cause. If you move hosts and you didn't fix the problem, you may just get hacked again.
There is a method to take control over the filesystem of the server using the filesystem and ADSI object. The damage can be "somewhat" toned down if very strict permissions are set. You can view and change every single file on all drives that are mounted on the server. This exploit has been around for YEARS, from IIS4 to IIS6. Unfortunately Microsoft hasn't done anything about it yet.
I have been through many many host (shared environment), from cheap ones $12 bucks/mo to $49/mo, so far I have not seen 1 single host that has this problem resolved. Partially because setting the necessary permission to stop this exploit will also make many other software unuseable (most webcontrol panel) If you are serious in running a business online, get a dedicated and the problem will be solved.