
Forum Moderators: phranque


spamming using my site

spam redirect

     
3:11 pm on Mar 12, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 8, 2004
posts: 126
votes: 0



I was shocked to find out today, after a spam complaint by another site, that I had a directory inside my site containing 1850 files, each one redirecting somewhere else.

Since my file has never been hacked - as far as I know - I'm wondering who could have inserted this huge directory into my site and how I can prevent this happening again.

Any idea would be really appreciated

thanks

3:37 pm on Mar 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 31, 2008
posts:661
votes: 0


>Since my file has never been hacked - as far as I know

now you know ;)

The most common attacks are via some buggy script on your site or via the server your site is hosted on (if it's a shared server). Quite a few hosting companies run insecure PHP configurations that allow local attackers to put files and, thus, code into your directory.

To prevent: check where it came from. Was it a buggy script on your site? Was it a local attack on the server? If you're on a dedicated server, chances are the whole system is taken over. In that case: back up your stuff and have someone reinstall the server from scratch. Then, carefully add your stuff again, checking that you don't just put "infected" code back up.
You can always get yourself a programmer to analyze the problem and audit your scripts. And you might want to look into switching hosts if it turns out to be a security problem at your provider...

4:05 pm on Mar 12, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 8, 2004
posts: 126
votes: 0


janharder,

thanks for your answer

It is my server hosted at [snip]

It seems the directory was installed yesterday inside another directory, so maybe it is someone who knows the site more than a server problem, maybe someone that worked on it.

it was installed inside a directory

[edited by: phranque at 6:52 am (utc) on Mar. 13, 2009]
[edit reason] hosting specifics [/edit]

4:57 pm on Mar 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 9, 2003
posts:1908
votes: 0


You say the spam directory was installed inside another directory...what was that other directory holding?

My guess is that the new directory was placed in the same directory that held whatever vulnerable script it was that they exploited.

5:37 pm on Mar 12, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 8, 2004
posts:126
votes: 0


matthew,
the directory didn't contain any script but only other directories containing image files and one htm file each.

6:39 pm on Mar 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 31, 2008
posts:661
votes: 0


Do you have access to raw Apache log files? How about FTP transfer logs? Those would be my first choices; look through them around the time the files were created. If you cannot access them, ask your provider - they should be interested in working with you on this, it might well be a problem on their server.

What do you mean "someone who worked on it"? Do other people work on the site besides yourself? Have you checked with all of them? Maybe someone transferred the wrong directory. Do you trust all of them?
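
An added example, not part of the thread or of any poster's reply: one way to do the log review suggested above, keeping only HTTP requests that can write and FTP uploads that fall close to the time the spam directory appeared. The log lines, paths, user name and creation time are constructed, and the xferlog timestamps are assumed to be in UTC.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not from the thread); IPs are documentation ranges.
ACCESS_LOG = """\
203.0.113.7 - - [11/Mar/2009:14:02:11 +0000] "GET /index.htm HTTP/1.1" 200 5120
198.51.100.23 - - [11/Mar/2009:14:58:40 +0000] "POST /app/form.php HTTP/1.1" 200 312
198.51.100.23 - - [11/Mar/2009:14:59:02 +0000] "GET /img/new/a1.htm HTTP/1.1" 200 410
203.0.113.7 - - [11/Mar/2009:19:30:00 +0000] "POST /app/form.php HTTP/1.1" 200 880
"""
XFER_LOG = """\
Wed Mar 11 09:10:00 2009 1 203.0.113.7 900 /www/index.htm a _ i r owner ftp 0 * c
Wed Mar 11 14:59:30 2009 1 198.51.100.23 410 /www/img/new/a1.htm a _ i r owner ftp 0 * c
Wed Mar 11 15:05:00 2009 1 203.0.113.7 410 /www/img/logo.gif b _ o r owner ftp 0 * c
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def http_writes(log_text, created_at, window):
    """Requests that can write (POST/PUT) within `window` of created_at."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method in ("POST", "PUT") and abs(when - created_at) <= window:
            hits.append((ip, method, path, status))
    return hits

def ftp_uploads(log_text, created_at, window):
    """xferlog entries with direction 'i' (incoming) within `window`."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 14 or f[11] != "i":
            continue
        # Assumption: the FTP server logs in UTC (xferlog has no zone field).
        when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        when = when.replace(tzinfo=timezone.utc)
        if abs(when - created_at) <= window:
            hits.append((f[6], f[13], f[8]))  # remote host, user, file
    return hits

# Assumption: creation time read from the spam directory's timestamp.
CREATED = datetime(2009, 3, 11, 15, 0, tzinfo=timezone.utc)
WINDOW = timedelta(minutes=30)

if __name__ == "__main__":
    for hit in http_writes(ACCESS_LOG, CREATED, WINDOW) + ftp_uploads(XFER_LOG, CREATED, WINDOW):
        print(hit)
```

An FTP upload under a valid account points at stolen or shared credentials, while a POST to a script just before the files appear points at that script.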

6:49 pm on Mar 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 6, 2005
posts:863
votes: 0


The first thing you should do is change ALL passwords, then investigate.

11:19 am on Mar 16, 2009 (gmt 0)

Senior Member

joined:July 29, 2007
posts:1780
votes: 100


Agree with wheelie34, lock it down and disable the email function, since that's spamming right now, until you resolve this.

Change your login password as well as your database password immediately; you may need to update the config file with the new information afterwards.

The hardest part will be finding the weakness; update everything the site uses to the latest version for starters.

10:56 pm on Mar 16, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10928
votes: 79


this thread may have some useful information for you:
How Hacked Servers Can Hurt Your Traffic [webmasterworld.com]

12:26 am on Mar 17, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 8, 2004
posts: 126
votes: 0


thanks all for the great advice