Dean Posted February 21, 2013

Has anyone come across this before?

HACKED BY ASHIK IQBAL CHY , BD GREY HAT HACKERS .

One of my clients (not on a mdd server) has had all his websites taken down by this. After investigation, it seems they have just done a mass upload of index.html and htm to every folder on the server? I would be grateful for any information on this.

Regards
Dean Posted February 21, 2013

Oh, and index.php
Scott Posted February 21, 2013

You should have the host investigate their logs to see how the account was accessed. You'll need the details to fix the security hole and repair any damage.
Dean Posted February 21, 2013

I had told the customer the same thing. They rang the company as soon as he had noticed it and they told him to ring back in 5 hours as the "abuse line" is currently shut! Anyway, they still have not got back to him yet and that was 8 hours ago. That's just what you want from your host, right!!

I have checked the log files on the server and it seems that they tried accessing the root FTP. I have cleaned up all files they left behind and am just waiting to hear from their host 1and1 (useless).
Dean Posted February 21, 2013

Update: received an email from one and one saying that the hackers either had our password or they accessed some vulnerability in our coding, claiming no other way in. None of our codes have any access details. Are 1and1 just fobbing us off with an excuse? I'm going to work on the customer to get him to swap hosting.
Scott Posted February 22, 2013

> Update: received an email from one and one saying that the hackers either had our password or they accessed some vulnerability in our coding, claiming no other way in.

Compromises are almost always one of these two scenarios. The password being compromised should be fairly obvious if they have good logging for cPanel access, FTP, etc.
Dean Posted February 22, 2013

They have their own web-based management which pretty much sucks. We have changed all passwords and are keeping an eye on inbound traffic. 1and1 will not give us any logs for this. We are going to go through all the codes to see if we can spot anything.

Thanks for the info, Scott
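As an added example (not part of the thread and not code from any poster), the cleanup described above can be verified by scanning the web root for `index.html`, `index.htm` and `index.php` files that still carry the defacement text or were modified since the incident. The names `find_defaced` and `demo`, the 64 KiB read limit and the sample tree are assumptions made for this illustration; the marker is the "HACKED BY" text quoted in the first post.

```python
import os
import tempfile
import time

# File names the thread reports were uploaded into every folder.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
MARKER = b"hacked by"  # text quoted in the first post, lower-cased


def find_defaced(web_root, since_epoch=None, marker=MARKER):
    """Return sorted (relative_path, reason); reason is "marker" or "recent"."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower() not in INDEX_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536).lower()  # first 64 KiB is enough
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable file: review it by hand
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            if marker in head:
                hits.append((rel, "marker"))
            elif since_epoch is not None and mtime >= since_epoch:
                hits.append((rel, "recent"))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        old = time.time() - 30 * 86400  # pretend this predates the incident
        samples = {
            "index.php": (b"<?php echo 'shop'; ?>", old),      # untouched
            "blog/index.html": (b"<h1>Hacked By x</h1>", None),  # defaced
            "img/index.htm": (b"<html></html>", None),         # new, no marker
            "img/logo.txt": (b"hacked by", None),              # not an index file
        }
        for rel, (body, mtime) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            if mtime is not None:
                os.utime(path, (mtime, mtime))
        return find_defaced(root, since_epoch=time.time() - 86400)
```

Modification times can be reset by whoever wrote the file, so treat "recent" as a hint and compare anything flagged against a known-good backup.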