LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-16-2009, 08:02 PM   #1
mohtasham1983
Member
 
Registered: Apr 2005
Location: San Jose
Distribution: Fedora 3,4- Ubuntu 6.06 to 8.10, Gentoo and Arch
Posts: 408

Rep: Reputation: 30
My website home page php file was changed


Hello,

Last night, I decided to close down my website after 3 months, due to lack of interesting contents and low security. Today, when I woke up, I realized that someone else read my mind and did the job for me.

What happened was that he changed index.php on my host to some static html with some funny messages on it. I knew that my website was not safe against XSS attacks, so my first guess was that they use XSS attacks. However, I don't have any input form on my home page.

I went to cPanel and checked the modification date of index.php and in my wonder it was for a few days ago when I updated it by myself. Note that, The permission of file was 644.

Since the hacker left his email and his nickname, after googling I found a website, where it showed all attacks by him. Then all of a sudden, I noticed that my weblog under a subdomain of my website was hacked, too.

My weblog is a wordpress one. After downloading everything on my computer and doing a grep, I found that wp-config.php was changed to the same static page. Also, the modification date was for Dec 11, 2009 when I installed the weblog.

I'm very confused now. I can't even figure out what the problem is. Since it happened to both my code and wordpress, there could be something wrong with either PHP or my host.

Any idea what just happened to me?

PS. I'm going to totally forget about PHP and develop my new application on Django.
 
Old 04-16-2009, 08:20 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,543
Blog Entries: 54

Rep: Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924
Quote:
Originally Posted by mohtasham1983 View Post
Any idea what just happened to me?
Lots of things possible, RFI being the first thing that comes to mind.
Without more clues it'll be impossible to say though.
Found any interesting loglines?
 
Old 04-16-2009, 08:25 PM   #3
mohtasham1983
Member
 
Registered: Apr 2005
Location: San Jose
Distribution: Fedora 3,4- Ubuntu 6.06 to 8.10, Gentoo and Arch
Posts: 408

Original Poster
Rep: Reputation: 30
I just looked at the websites that were hacked by this guy. After pinging a few of them, I realized they all have the same IP address, which was the same as my IP address.

Called the tech support of my host, and they confirmed the issue with their servers configurations.

I know my code isn't that secure, but this attack was way too crazy for my code.
 
Old 04-22-2009, 05:53 PM   #4
hitman_forhire
LQ Newbie
 
Registered: Jan 2004
Location: Paducah, KY
Distribution: Ubuntu-Testing
Posts: 13

Rep: Reputation: 1
Interesting, who was the host? What version of Apache, php, etc. Was the host running this is always a great chance to see if anything can be learned, at minimum about a particular hosts security, lol.
 
Old 04-22-2009, 06:12 PM   #5
mohtasham1983
Member
 
Registered: Apr 2005
Location: San Jose
Distribution: Fedora 3,4- Ubuntu 6.06 to 8.10, Gentoo and Arch
Posts: 408

Original Poster
Rep: Reputation: 30
Inmotionhosting.

Apache: 2.2.10 (Unix)
PHP version 5.2.6
MySQL version 5.0.67-community-
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I output information from a PHP page to an HTML page? SentralOrigin Programming 3 01-10-2009 02:54 AM
php page displaying text that is supposed to be part of php code DragonM15 Programming 9 07-31-2008 05:58 PM
php page can't display but download as php file? taiwf Linux - Software 2 03-07-2006 06:57 PM
lost start page (home page?) multiplaone Linux - Newbie 1 05-29-2005 07:10 PM
/home partition changed to read-only file system! Echo Kilo Linux - Software 1 03-30-2005 02:59 PM


All times are GMT -5. The time now is 10:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration