Today my colleague asked me “hey, you have change your website to an image or your website has been hacked?”. I thought he must be entered the wrong URL. Then I visit my own site. OMG, it shows me the following image:
Ouch .. who did that.. my site is not that popular what..
I tried to contact my webhosting provider (www.hostexcellence.com) using live chat but nobody is answering. The website is really slow. I tried to logon into my account manager site, the site is very slow too.
Finally, I’m able to logon to the account manager. I tried to investigate the problems. There were 2 files created by the “hacker”/”cracker”. My index.php was replaced and a new image file ownz.jpg was created. The owner (linux’s user) of the files is httpd. httpd is a apache web server. I really don’t know how the hacker can put the files into my folder via httpd. Maybe there was a security loopholes in httpd.
After that, I replaced the hacked with the original index.php and reported to hostexcellence.com. Hopefully they will solve the security problem as soon as possible else I have to move my files to other server.
Well, it not I can recommend you the server I’m using. It’s pretty handy without any security breaches unless of course you decide to use a very very short password. RM200 a year for 2 gigs of space, 25gig bandwidth, 1 addon domain, free domain on signup (not that you need it) plus all the usual features.
As I see you have set permissions for all folders to writeble and executeble by anyone. I suggest you to recheck permissions for all folders and get rid of “write” and “exec” permissions for “others”. It helps.
OK. thanks.
“writeble and executeble by anyone”
is this mean it is done by user from the same shared hosting?
Does make me realise how important was it to backup and read about security issues (those are most likely to make me sleep, though :p)