Didn't think my first post here would be this one...
I hire a dedicated server, and I have 7 sites running on it.
The sites are all the same, but in different languages.
The sites are image galleries.
Now today, the homepage of the Dutch site has been hacked.
All other pages of the site are still reachable, so is the cPanel of the site.
The FTP password was changed by the hacker, but through my server (WHM) control panel I could give the account from the hacked site a new password, and now I can log in again.
The home.html page (index page) has not been changed.
But for visitors, some other page is shown.
Does anyone have any idea how to deal with this?
thx
[edited by: jatar_k at 3:58 pm (utc) on Sep. 2, 2006]
[edit reason] no urls thanks
Bewenched, the actual site was quoted in the original post.
I would get your content fixed and contact your host, see if you can work with them on this as it is possibly a security breach on their part.
As you know the site where there is a copy of your content, you could contact the ISP of that site and inform them that the content does not belong to them.
There are tools for detecting rootkits but they don't always help - they're called rkhunter and chkrootkit.
Keep in mind that some hacking may happen from current or past employees, especially if they see that security is second priority and it's easy for them to hide.
If possible, disconnect hard drive, connect to another box as a non-bootable drive, make a clone of it, and then investigate what happened.
Often hackers leave backdoors:
- patched php files
- setuid root files in obscure locations (like /dev/.console/something)
- kernel modules
- patched kernels
- something in startup scripts
- ...or in cron/at
You should also check your version control system and backups for changes.
Hopefully I didn't scare you too much :-)
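Added example (not part of the original posts): a POSIX shell triage pass over a cloned disk mounted read-only, covering the setuid, /dev, startup-script, cron/at and kernel-module locations listed above. The mount point, the directory allow-list and the 30-day window are assumptions; patched PHP files and kernels are better caught by comparing against backups or package checksums.

```shell
#!/bin/sh
# Added example: offline triage of a cloned disk mounted read-only.
# Usage: sh triage.sh /mnt/clone [days]   (mount point is an assumption)

# Setuid/setgid regular files outside the usual binary directories.
# The allow-list is an assumption; adjust it for the distribution.
suid_outside_bins() {
    root=${1%/}
    find "${root:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        ! -path "$root/bin/*" ! -path "$root/sbin/*" \
        ! -path "$root/usr/bin/*" ! -path "$root/usr/sbin/*" \
        ! -path "$root/usr/lib/*" ! -path "$root/usr/libexec/*" \
        2>/dev/null | sort
}

# On an offline image /dev should hold device nodes; regular files and
# dot-directories there (the /dev/.console pattern) deserve a closer look.
odd_dev_entries() {
    root=${1%/}
    [ -d "$root/dev" ] || return 0
    find "$root/dev" \( -type f -o \( -type d -name '.*' \) \) 2>/dev/null | sort
}

# Startup scripts, cron/at jobs and kernel modules modified in the last N days.
recent_persistence() {
    root=${1%/}; days=${2:-30}
    for d in etc/rc.d etc/init.d etc/rc.local etc/crontab etc/cron.d \
             etc/cron.daily etc/cron.hourly var/spool/cron var/spool/at \
             lib/modules; do
        if [ -e "$root/$d" ]; then
            find "$root/$d" -type f -mtime "-$days" 2>/dev/null
        fi
    done | sort
}

# Run all three checks when a mount point is given on the command line.
if [ -n "${1:-}" ]; then
    echo "== setuid/setgid outside standard dirs"; suid_outside_bins "$1"
    echo "== unexpected entries under /dev";       odd_dev_entries "$1"
    echo "== recently modified persistence files"; recent_persistence "$1" "${2:-30}"
fi
```

Every hit is a lead to compare against a known-good install or backup, not proof of compromise.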
I browsed around (being a newbie to the site) and did not observe one ... yet.
I had a phpBB installation hacked within the past month. I received some good information from my site's host support line.
In my case, I noted one or more IP addresses (unidentified) with the same network number that was hammering on the root directory and the phpBB directory.
Additionally, there was an interesting set of search keywords that pointed to someone looking specifically for phpBB installations.
Most threads on the subject have dealt with more of what could be described as proactive computer and/or server config measures and basic 101 security in order to avoid being hacked in the first place ..
As security alerts are posted by the various specialist sites ..they are usually communicated to other members here by mods or members with specific interest in that field ..
you will also find from time to time threads which touch upon security issues in other fora areas here such as the
[webmasterworld.com...]
Discussion tends to be on an ad hoc basis ..in response to a particular post or a "heads up" for example when a "security advisory" is issued in relation to ..for example PHP fora software or a specific browser ..
So far dealing with the subject in this way and not dedicating a specific fora to the subject appears to give members the community resources ..without encouraging "how to hack" threads ..
Works OK this way so far ..IMO :)
Problem solved now, I had an insecure version of my server cPanel (WHM) installed on it....
I hire the server, and this was the answer from the hosting company:
------------------------------------------------------------------
Hello,
<snip>
.....old, outdated, and insecure version of cPanel.....over 300 updates to CentOS that needed to be applied to your server....
</snip>
--------------------------------------------------------------
Could have been much worse I think.....
I'll keep an eye on those updates in the future!
[edited by: trillianjedi at 6:27 pm (utc) on Sep. 3, 2006]
[edit reason] No email quotes, please. Why [webmasterworld.com]
There is no specific area of WebmasterWorld dedicated to security as that might encourage "script kiddies" looking for "resources" or give them too much "food for thought" ..
hmm... perhaps there should be one.
As far as the script kiddies getting any ideas from it, anyone that can type "google.com" can get much better info on hacking. The idea of such a forum would be to discuss the current hacks, security, and how to improve it. Not likely anything the average pseudo-hacker would be interested in.
There is no specific area of WebmasterWorld dedicated to security as that might encourage "script kiddies" looking for "resources" or give them too much "food for thought" ..
I don't think that argument has a leg to stand on (especially considering the point raised above about searching). That is like saying we should hide away all discussion on home security just in case any burglars are reading. The only winners in that scenario are the burglars.