Today my colleague asked me “hey, you have change your website to an image or your website has been hacked?”. I thought he must be entered the wrong URL. Then I visit my own site. OMG, it shows me the following image:
Ouch .. who did that.. my site is not that popular what..
I tried to contact my webhosting provider (www.hostexcellence.com) using live chat but nobody is answering. The website is really slow. I tried to logon into my account manager site, the site is very slow too.
Finally, I’m able to logon to the account manager. I tried to investigate the problems. There were 2 files created by the “hacker”/”cracker”. My index.php
was replaced and a new image file ownz.jpg
was created. The owner (linux’s user) of the files is httpd
. httpd
is a apache web server. I really don’t know how the hacker can put the files into my folder via httpd
. Maybe there was a security loopholes in httpd
.
After that, I replaced the hacked with the original index.php
and reported to hostexcellence.com. Hopefully they will solve the security problem as soon as possible else I have to move my files to other server.
Edrei says
Well, it not I can recommend you the server I’m using. It’s pretty handy without any security breaches unless of course you decide to use a very very short password. RM200 a year for 2 gigs of space, 25gig bandwidth, 1 addon domain, free domain on signup (not that you need it) plus all the usual features.
Alex (Hostexcellence support team) says
As I see you have set permissions for all folders to writeble and executeble by anyone. I suggest you to recheck permissions for all folders and get rid of “write” and “exec” permissions for “others”. It helps.
szehau says
OK. thanks.
“writeble and executeble by anyone”
is this mean it is done by user from the same shared hosting?
Felix Leong says
Does make me realise how important was it to backup and read about security issues (those are most likely to make me sleep, though :p)