google has given me a message of a suspected hacking. My site is on Have Host. How do I check things out with out knowing code?
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
After a brief look I don’t see anything in the code that would give me cause for concern although google believes there is something in there it didn’t like.
Change the log-in details for your account for a strong password (no names or easy to guess phrases), clear all of the content, and re-upload your site with Freeway. You should follow Google’s instructions on cleaning your site;
Re-indexing your site may take a while so be patient but do follow the steps outlined in their guide.
Good luck.
Tim.
On 29 Jun 2012, at 01:36, shybuckstudio wrote:
google has given me a message of a suspected hacking. My site is on Have Host. How do I check things out with out knowing code?
FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com
FreewayStyle.com - Free Freeway templates and parts to download, use and explore - http://www.freewaystyle.com
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
This happened to me very recently on HaveHost. My email address was used for sending out spam. I was receiving hundreds of bounced emails. The hack enabled the idiot doing it to place a folder called /tore/donvection.php with the entirely malicious file donvection.php. There were hundreds of files inside this directory tore.
It’s fixed now, but it’s not pleasant. I was getting a lot of angry emails from people. I never received a reply from HH about how this access was gained or how likely it was to happen again. Good luck.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
An afterthought, shybuckstudio, presumably you’ve contacted HH? Ask James if your site and mine (hfdesign.net) are on the same server. If they are, something nasty lurks within.
K.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
I can’t speak for James, but I can tell you from bitter experience that all it takes (on a shared server like those at HH) is for one chucklehead to install an elderly copy of Wordpress or PHPBB on the same server as you to have the entire box get “pwned”.
The very definition of shared hosting is that there is one copy of Apache running, and hundreds or thousands of different virtual hostnames configured within that copy of Apache. There is nothing wrong with this approach, it is pretty much the norm, and it’s what Apache was designed to do.
A badly-written script will allow an attacker to upload a file, then access that file from a URL, and execute it with root privileges. (Root is the all-father of accounts on any computer. It can see/edit/create/delete any file without challenge.) Once this happens, any number of different exploits can be run. Often these attacks are multifold. A file is uploaded in one host, which acts as a beachhead. That uploaded file then runs a scanner across the entire rest of the server, looking for exploitable versions of popular server applications. When one is found, the next wave of the attack may proceed from a different hostname than the initial attack.
There are several other ways to configure a server so that this can’t happen, but it’s slightly more work for the administrator, and more tellingly, it means that the server administrators can’t pack as many virtual hosts into the same box, because the memory requirements per site are greater.
Walter
On Jun 29, 2012, at 5:23 AM, Kryten wrote:
I never received a reply from HH about how this access was gained or how likely it was to happen again.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Thank you all for the prompt feedback,I am a little baffled by badly written script and how I may reconfigure it. …however I am in the middle of creating a brand new site. When my site is finished I’ll delete all the old files on the server and upload my new site…guessing this will make google happy. I am convinced the site has been hacked since I am getting my share of weird email and undelivered mail I never sent.
A while back I had a malfunctioning hard drive and lost a number of files including my web site…so uploading new files are out of the question. I was hoping I could delete the hacked files from the server.
I will contact James and let him know about Kryten’s site.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
The badly written script doesn’t have to be on your site for this to happen to you. Someone else could have installed an old version of a popular script like Wordpress or PHPBB (to name just two that are known for this sort of exploit). Once that exploit takes hold on the server, it does not matter one bit if you clean up your site, the problem will come back unless the entire server is scrubbed.
Walter
On Jun 29, 2012, at 11:29 AM, shybuckstudio wrote:
Thank you all for the prompt feedback,I am a little baffled by badly written script and how I may reconfigure it. …however I am in the middle of creating a brand new site. When my site is finished I’ll delete all the old files on the server and upload my new site…guessing this will make google happy. I am convinced the site has been hacked since I am getting my share of weird email and undelivered mail I never sent.
A while back I had a malfunctioning hard drive and lost a number of files including my web site…so uploading new files are out of the question. I was hoping I could delete the hacked files from the server.
I will contact James and let him know about Kryten’s site.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Once that exploit takes hold on the server, it does not matter one bit if you clean up your site, the problem will come back unless the entire server is scrubbed.
That is kinda worrying.
K
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Any way to create a footer background that bleeds horizontally and will work without scaling site on iPhone or iPad? (For reference, see footer at bottom of site)
http://www.plantpie.com/Beta/index.html
Brett
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
A badly-written script will allow an attacker to upload a file
Another reason to exercise extreme caution if you want to implement any sort of File uploads into your Site.
It is not just your site/server - you can be putting hundreds of other sites at risk.
D
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
You really need to involve the hosting provider. File a support ticket, tell them to search the entire server for a rootkit or other evidence that the machine has been compromised. How they react to this request will be a measure of their competence and professionalism as sysadmins. If they try to blame you, or push back, I would seriously consider taking your business elsewhere.
Walter
On Jun 29, 2012, at 12:09 PM, Kryten wrote:
Once that exploit takes hold on the server, it does not matter one bit if you clean up your site, the problem will come back unless the entire server is scrubbed.
That is kinda worrying.
K
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Sorry about posting unrelated question in this thread. Please disregard.
Brett
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Gents - thanks sincerely for your input. I have raised a ticket with HH and pointed James this way.
K.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
I have posted a ticket with Have Host explaining to them what is going on with my site and Kryten’s site. Hope for a response soon. Yes if action does not happen I will change hosting providers before you can blink. I’m thinking since Kryten has contacted James he will look into this and resolve any issues.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options