szehau.com has been hacked!
Today my colleague asked me “hey, you have change your website to an image or your website has been hacked?”. I thought he must be entered the wrong URL. Then I visit my own site. OMG, it shows me the following image:
Ouch .. who did that.. my site is not that popular what..
I tried to contact my webhosting provider (www.hostexcellence.com) using live chat but nobody is answering. The website is really slow. I tried to logon into my account manager site, the site is very slow too.
Finally, I’m able to logon to the account manager. I tried to investigate the problems. There were 2 files created by the “hacker”/”cracker”. My index.php was replaced and a new image file ownz.jpg was created. The owner (linux’s user) of the files is httpd. httpd is a apache web server. I really don’t know how the hacker can put the files into my folder via httpd. Maybe there was a security loopholes in httpd.
After that, I replaced the hacked with the original index.php and reported to hostexcellence.com. Hopefully they will solve the security problem as soon as possible else I have to move my files to other server.
December 22nd, 2005, 10:30 pm
Well, it not I can recommend you the server I’m using. It’s pretty handy without any security breaches unless of course you decide to use a very very short password. RM200 a year for 2 gigs of space, 25gig bandwidth, 1 addon domain, free domain on signup (not that you need it) plus all the usual features.
December 23rd, 2005, 12:44 am
As I see you have set permissions for all folders to writeble and executeble by anyone. I suggest you to recheck permissions for all folders and get rid of “write” and “exec” permissions for “others”. It helps.
December 23rd, 2005, 1:10 am
OK. thanks.
“writeble and executeble by anyone”
is this mean it is done by user from the same shared hosting?
December 23rd, 2005, 9:32 am
Does make me realise how important was it to backup and read about security issues (those are most likely to make me sleep, though :p)