Hack Attack...

[Just Visit...]

What do you think of http://www.zone-h.org ... They list a bunch of Hackers and Defacements Attack, 3 sites I operate have been listed here before... and my recent one by this guy and his forum at http://www.numberonehack.org/ ... (anyway you can hide there links on the post since they actually like publicity)...

In this light I have a question, I have a prevention for html inject on my scripts, but how can I protect against them actually putting an index.html file inside my folders when my main index page is on index.php... How can I point my server just to read my index.php rather than the index.html? I think I can do that with htaccess? But im not totally a pro with the access file though, just tried to learn it in the past 6 months...

[Free WordPress Themes]

while your question is not really clear to me... you should check at the apache site mod_rewrite and maybe the directive "DirectoryIndex"

[Just Visit...]

Yep I do use DirectoryIndex on my htaccess, but the problem is the hackers are able to create an index.html file on the root folder... How do I prevent this...

[Free WordPress Themes]

Yep I do use DirectoryIndex on my htaccess, but the problem is the hackers are able to create an index.html file on the root folder... How do I prevent this...

by securing the server?

[Just Visit...]

Thanks for the Answers, yes I want to secure my server, but the problem is not on the server, maybe it's on my scripts...As I checked, theres frequent access on my php file, and maybe there is an open exploit. anyways, I hope I can plug the holes soon...

[Free WordPress Themes]

Thanks for the Answers, yes I want to secure my server, but the problem is not on the server, maybe it's on my scripts...As I checked, theres frequent access on my php file, and maybe there is an open exploit. anyways, I hope I can plug the holes soon...

sure, what is the function from this script?

[Just Visit...]

I cant pinpoint specifically yet, just discovered the problem 2 days ago, and have no time to troubleshoot it, or hard test the script...

[Free WordPress Themes]

I cant pinpoint specifically yet, just discovered the problem 2 days ago, and have no time to troubleshoot it, or hard test the script...

... but there is some interaction possible with this script?

[Join us @ facebook]

Have you contacted your host?

Those turks fellas probably are those that I know because I think they used the same trick on you.

1) There is an XSS vulnerability in your site or in another site of your server. Something like include $_GET['something'] ;
2) Check your crontab entries. They use it to get more permissions
3) Check the /tmp directory. They upload a service there (a perl script) that do this job (creating an index.html on every wwwroot directory)

Hope that helps

[Free WordPress Themes]

I think in this times its not bad to disable this php directive:

allow_url_fopen = 0]

EDIT:

wrong directive:

use
allow_url_include = 0

[Free WordPress Themes]

I think in this times its not bad to disable this php directive:

allow_url_fopen = 0]

EDIT:

wrong directive:

use
allow_url_include = 0

hm... just noticed that this setting is for servers with php 5.2 or higher

[Yes There is...]

I cant pinpoint specifically yet, just discovered the problem 2 days ago, and have no time to troubleshoot it, or hard test the script...

... but there is some interaction possible with this script?

Yes There is...

Have you contacted your host?

Those turks fellas probably are those that I know because I think they used the same trick on you.

1) There is an XSS vulnerability in your site or in another site of your server. Something like include $_GET['something'] ;
2) Check your crontab entries. They use it to get more permissions
3) Check the /tmp directory. They upload a service there (a perl script) that do this job (creating an index.html on every wwwroot directory)

Hope that helps

Good Tip, will check on first two, checked on 3rd one, didn't find anything...

[Join us @ facebook]

Do they hacked one site or the whole server?

Are your sites running in safe mode?

Another tip. Run this from SSH in your htdocs directory :

Code:

chown root:root -R /var/www/htdocs

Those hack scripts usually don't run with root privileges so there will be no way for them to touch your files this way.

[Just Visit...]

actually on those 3 sites, the two subdirectories and the first attack was a full home page defacement, the home page defacement was due to an insecure host... the subdirectory attacks I think and might be due to my sloppy PHP security...

[Guest]

[36.906]

Yahoo crawler, Baidu Spider, adsense, Msnbot, Googlebot