I think my site was hacked

Robin posted 10th of July 2008 in Community Voice. 15 comments.

Hello all,

 

I have a feeling my site was hacked. A friend from this site is helping me with this problem and I hope to get it resolved soon.

 

I thought I'd share this with you and let you know what I found, in case any of you run into the same problem.

 

I found the following in my cron job:

/home/website/public_html/updates/y2kupdate >/dev/null 2>&1

I also found a folder called update, which I renamed to update??, and in it I noticed file names that Boonex would never use, for example f%^$.

Can I delete this folder?

 

And the jobs I set up at the time of installation are all gone.

Since I didn't put the above job in the cron, I also removed it...
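
The two symptoms described in this post (an unknown cron entry running from under the web root, and the install-time jobs missing) can be checked by comparing the live crontab with a copy saved at install time. The script below is an added example, not part of the original post and not Boonex code; the baseline job paths and the list of web-served directory names are assumptions made for illustration.

```python
import re

# Five schedule fields (or an @keyword such as @daily), then the command.
_JOB = re.compile(r"^(?:@\w+|(?:\S+\s+){4}\S+)\s+(.+)$")
WEB_DIRS = {"public_html", "htdocs", "www"}  # assumed names of web-served directories

def commands(crontab_text):
    """Command part of every job line; comments and VAR=value lines are skipped."""
    out = []
    for raw in crontab_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace so comparisons are stable
        if not line or line.startswith("#") or re.match(r"^\w+ ?=", line):
            continue
        m = _JOB.match(line)
        # A line pasted without its schedule (as in the post) is kept whole.
        out.append(m.group(1) if m else line)
    return out

def audit(current_text, baseline_text):
    """Return (unexpected, missing): jobs absent from the baseline, with reasons,
    and baseline jobs that have disappeared from the current crontab."""
    current, baseline = commands(current_text), commands(baseline_text)
    unexpected = []
    for cmd in current:
        if cmd in baseline:
            continue
        reasons = ["not in baseline"]
        if WEB_DIRS & set(cmd.split()[0].split("/")):
            reasons.append("runs from web-served directory")
        if "/dev/null" in cmd:
            reasons.append("output discarded")
        unexpected.append((cmd, reasons))
    missing = [cmd for cmd in baseline if cmd not in current]
    return unexpected, missing

# Constructed baseline: the job paths are placeholders, not Dolphin's real cron entries.
BASELINE = """\
MAILTO=admin@example.com
*/5 * * * * /usr/bin/php -q /home/website/jobs/notify.php
0 3 * * * /usr/bin/php -q /home/website/jobs/cleanup.php
"""
# Crontab as described in the post: install-time jobs gone, one unknown entry.
CURRENT = "/home/website/public_html/updates/y2kupdate >/dev/null 2>&1\n"

if __name__ == "__main__":
    unexpected, missing = audit(CURRENT, BASELINE)
    for cmd, reasons in unexpected:
        print("UNEXPECTED:", cmd, "|", "; ".join(reasons))
    for cmd in missing:
        print("MISSING:", cmd)
```

In practice the current text would come from `crontab -l` for the account, and the baseline from a copy kept outside the hosting account.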

 

 
Comments
Bramin
Now this blog exemplifies CONSTRUCTIVE criticism by pointing out a security issue and sharing the info she has for the rest of us to use so we do not get clobbered like she may have been. Thanks, Robin, and keep us all posted if you find any more information or if you have any questions that anyone might be able to answer which might help you out.
DosDawg
Only thing she didn't do was call out where it was she is hosting. But that is on a post on the forum where she was proclaiming what a great host this was, and recommending it to other users.
sammie
ok so your host was hacked, that means your dolphin site was the cause of your ineptitude in choosing hosting that was below the minimum requirements.
way to go
blame it all on dolphin, never blame yourself and lack of knowledge
nuccca
I agree 100%.

Lack of knowledge only proves ignorance.
Robin
Sammie, you need to read my comment again.

And stop being so hostile....

My posting was to share my experience and I never actually said "Dolphin was hacked".
I posted a few things I found which were causing the problems, so in the event this happens to someone else in the future maybe they can keep this posting in mind for background information.
praveenkv1988
Dolphin is not using the above mentioned crons and dirs. So it will be a hacking attempt.
sammie
Dolphin was never and will never be written for shared hosting.
You have shared hosting. Your shared hosting is what caused your site to be vulnerable, not Dolphin. Dolphin has passed security testing. OK, we can say that no security is perfect, but if you host your site on a host that has far below the minimum requirements, we can safely say you are mostly to blame.

Cronjobs are set to 666 while you install them, then at the end of the install you reverse them to 644.
Then they cannot be changed, unless your server was corrupt before, or hacked after the install.

Most servers are hacked by (script kiddies) using old tools to prove they can hack, so they can join a boys club.
It's kinda like trying to prove they can get inside some pussy because they are cool and can talk their way into anything.
When in fact, any smart girl would know they can't bluff their way out of a wet paper bag.
nuccca
Again, Sammie breaks it down.

If you're serious about security, get a dedicated server.
I'm only using a shared server for developmental purposes.
"(dolphin was never and will never be written for shared hosting.
you have shared hosting. your shared hosting is what caused your site to be vulnerable, not dolphin, dolphin has passed security testing, ok we can say that no security is perfect, but if you host your site on a host that has far below the minimum requirements, we can safely say you are mostly to blame")

So if it was never meant to be for shared hosts, how come a lot of shared host servers have it on their servers for you to install??
Well, don't they work with Dolphin? I think they do.
I'm on Arvixe and Boonex recommends them, and you even get a bonus ticket there, 10% off the price for a lifetime when you sign on with that host.
So if Dolphin was NOT meant to be used on shared hosts, well then Boonex is a scammer, don't you think??
So what I mean is that I don't believe you that it's only for dedicated servers.
DosDawg
robin,
Not to jump on a bandwagon here, but your post says "my site was hacked", which would lead those of us on here with "dolphin sites" to presume you were referring to your "dolphin site", since you posted that on the boonex/dolphin blog. By any chance was this attended to by your hosting provider? The server needs to be scanned, as it is my belief that if this was done, and you can't find any shell files on your portion of the shared server, then the hosting provider needs to scan and clean the server; it's still vulnerable if the server has not been cleaned.

So maybe your post should have been "my hosting account was hacked". Oh well, just my thoughts.

later,
DosDawg
nurke
My "dolphin" was hacked too. And I use hostforweb. vps.
Boonex guys say it's the host's problem, hostforweb says it's the script.
Boonex says the host needs to disable register_globals, host says I have to do it.
I have provided a link from my records (abuse notice) in one of my earlier posts; looks like the hacker sent emails from aurora2.hosting4less.com.
xxxxxx
To: jclt@iecc.cambridge.ma.us
Subject: Aviso Importante.
X-PHP-Script: balkanlink.net/ray/modules/global/inc/content.inc.php for 201.86.181.91
From: Alto-AtendimentoBB <BancodoBrasil.gov.com@aurora2.hosting4less.com>
Reply-To: Alto-AtendimentoBB@server.balkanlink.net
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
xxxxxxxx

Now you tell me;
who is giver...who is receiver?
AndreyP
register_globals was the first possible cause of all hack attacks,
so this old thing, such as
http://www.astalavista.com/index.php?section=exploits&cmd=details&id=6128
is possible only if register_globals is On.
It will be impossible with the Off value.
So as a result, there can be very many hack methods, so we need to check all this, and if anybody has big experience with hacking - welcome :)
All of my dolphin scripts were hacked, too, but it's ok, I know it was all my fault or the fault of my server or maybe it was because I am a man and I like pussy.... whatever my shortcoming..... I was also hacked.

My host also says it's the script.

Now can we please return to some semblance of sanity and unity and can the attitudes?
makako
My site has been hacked by Russian guys... My index page has been changed (redirection to this Russian site... http://www.netalant.narod.ru/links.txt ... I uploaded the original page again and the problem is fixed).... but the hosting company said... "the problem is the script".... this action sends all my traffic (my site has pagerank=3) to the hackers' site... that is the question...
stech786
My site got hacked too. And it's 100% Dolphin Boonex's fault. Dolphin should make things CLEAR before making users download Boonex. Now I see that Dolphin is not good for shared hosting. After I spent $$$$ on its scripts. I have been in hosting for over 7 yrs, but NEVER EVER got hacked like this. :(-. what a shameful
 
 