phishing attack on myserver
Hi all,
A php application in my server got phishing attack.I found many new files inside that application folder. I dont know how this hack had been happened.We dont have ftp access for that application. Can any one please explain me how the hacker would have uploaded these files in to my application. And how to get rid of this.At present i have stopped my application. Your suggestions please. |
Quote:
|
Hi,
What are the information i need to provide.I am ready to share. |
Quote:
Quote:
What is the name of the application? If it's not homebrewn software, which version exactly? Was it installed correctly? (No setup files left, proper access permissions) Was it publicly accessible? (HTTPS vs HTTP, .htaccess or other access restrictions) Quote:
Do any of the web servers logs reference files found or show odd entries (often multiple lines) involving (output of) GET, curl, wget or other wget-like applications? Do any of the web servers logs show other anomalies around the times the files were placed? Quote:
Please confirm no other problems have arisen before, during and after file placement. If unsure which steps to follow please use this checklist: Intruder Detection Checklist (CERT): http://web.archive.org/web/200801092...checklist.html Please post back the results if any. * Please stay with the thread (subscribe?) until completion and reply as soon as possible when replies are posted. |
All times are GMT -5. The time now is 10:39 AM. |