Welcome to WebmasterWorld Guest from 23.21.38.201

Forum Moderators: phranque

spamming using my site

spam redirect

   
3:11 pm on Mar 12, 2009 (gmt 0)

10+ Year Member




I was shocked to find out today , after a spam compaint by another site , that I had a directory inside my site containing 1850 files each one redirecting somewhere else.

Since my file has never been hacked - as far as I now -- I'm wondering who could have inserted this huge directory into my site and How can I prevent this happening again.

Any idea would been really appreciated

thanks

3:37 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



>Since my file has never been hacked - as far as I now

now you know ;)

The most common attacks are via some buggy script on your site or via the server your site is hosted on (if it's a shared server). Quite a few hosting companys run unsecure php-configurations that allow local attackers to put files and, thus, code into your directory.

To prevent: check where it came from. was it a buggy script on your site? was it a local attack on the server? If you're on a dedicated server, chances are the whole system is taken over, in that case: backup your stuff and have someone reinstall the server from crash. then, carefully add your stuff again, checking that you don't just put "infected" code back up.
You can always get yourself a programmer to analyze the problem and audit your scripts. And you might want to look into switching hosts if it turns out to be a security problem at your provider...

4:05 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



janharder,

thanks for your answer

It is my server hosted at [snip]

it seems the directory was installed yesterday inside another directory, so may be it is someone that knows the site more than a server problem, may be someone that worked on it.

it was installed inside a directory

[edited by: phranque at 6:52 am (utc) on Mar. 13, 2009]
[edit reason] hosting specifics [/edit]

4:57 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You say the spam directory was installed inside another directory...what was that other directory holding?

My guess is that the new directory was placed in the same directory that held whatever vulnerable script it was that they exploited.

5:37 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



matthew,
the directory didn't contain any script but only other directories containing images files and one htm file each.
6:39 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Do you have access to raw apache log files? How about ftp transfer logs? Those would be my first choices, look through them around the time the files were created. If you cannot access them, ask your provider - they should be interested in working with you on this, it might well be a problem on their server.

what do you mean "someone who worked on it"? do other people work on the site besides yourself? have you checked with all of them, maybe someone transfered the wrong directory. do you trust all of them?

6:49 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



The first thing you should do is change ALL passwords, then investigate.
11:19 am on Mar 16, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Agree with wheelie34, lock it down and disable the email function, since that's spamming right now, until you resolve this.

Change your login password as well as your database password immediately, you may need to update the config file with the new information afterwards.

The hardest part will be finding the weakness, update everything the site uses to the latest version for starters.

10:56 pm on Mar 16, 2009 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



this thread may have some useful information for you:
How Hacked Servers Can Hurt Your Traffic [webmasterworld.com]
12:26 am on Mar 17, 2009 (gmt 0)

10+ Year Member



thanks all for the great advice
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month