I think my site was hacked
Robin
posted 10th of July 2008
in
Community Voice.
15 comments.
Hello all,
I have a feeling my site was hacked. Frined from this site is helping me with this probblem and hope to get it resolved soon.
I though i share this with you and to let you know what i found if anyof you run into the same probelm.
I fouund the following in my cron job
/home/website/public_html/updates/y2kupdate >/dev/null 2>&1
I also found a folder called update whcih i renamed it to update?? and in it i noticed file names that Boonex would never use example f%^$.
can i del. this folder???
and the jobs i setup at the time of installation are all gone. since i didnt put the above job in the cron i also removed it...
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.
way to go
blame it all on dolphin, never blame yourself and lack of knowledge
Lack of knowledge only proves ignorance.
And stop being soo hostile....
my posting was to share my experience and I never actually said "Dolphin was hacked".
I posted a few things i found which was causing the problems so in the event this happens to somoene else in the future maybe they can keep this posting in mine for background information.
you have shared hosting. your shared hosting is what caused your site to be vulnerable, not dolphin, dolphin has passed security testing, ok we can say that no security is perfect, but if you host your site on a host that has far below the minimum requirements, we can safely say you are mostly to blame
cronjobs are set to 666 while you install them then at the end of the install you reverse them to 644
then they can not be changed, see more
If your serious about security, get a dedicated server.
I'm only using a shared server for developmental purposes.
you have shared hosting. your shared hosting is what caused your site to be vulnerable, not dolphin, dolphin has passed security testing, ok we can say that no security is perfect, but if you host your site on a host that has far below the minimum requirements, we can safely say you are mostly to blame")
So if it is never ment to be for shared host ,how come that alot of shared host servers have it on there servers for see more
not to jump on a band wagon here, but your post says "my site was hacked" which would lead those of us on here with "dolphin sites" would presume you were referring to your "dolphin site" since you posted that on the boonex/dolphin blog. by any chance was this attended to by your hosting provider? the server needs to be scanned, as it is my belief that if this was done, and you cant find any shell files on your portion of the shared server, then the hosting provider see more
Boonex guys say its the host problem, hostforweb says its the script.
Boonex says the host need to disable register_globals, host says I have to do it.
I have provided a link from my records( abuse notice) in one of earlier posts, looks like the hacker sent emails form aurora2.hosting4less.com.
xxxxxx
To: jclt@iecc.cambridge.ma.us
Subject: Aviso Importante.
X-PHP-Script: balkanlink.net/ray/modules/global/inc/content.inc.php see more
so
this old thing as
http://www.astalavista.com/index.php?section=exploits&cmd=details&id=6128
possible only if register_globals is On
this will impossible in Off value
So as result - hack-methods can be very much, so need to check all this, and if anybody have big experience with hacking - welcome :)
My host also says it's the script.
Now can we please return to some semblance of sanity and unity and can the attitudes?