My website has just been hacked

[wurkanimal]

I have been getting a lot of abusive email lately, just deleted them and thought nothing off it. Just about to go to bed and I see my website has been hacked.

www.pic-spot.com

They also said they were after www.anotherlaugh.com and www.shinyproxy.com

 

[NameCharger]

did they hack your hosting company servers?

or was your login password compromised?

 

[wurkanimal]

Hi.

They didn't hack the servers, all they got is just installed an index.html file, all I can do is delete the file but the only thing what is worrying me is how they got in.

 

[antic]

Did you contact their tech support?

 

[ccm]

how easy was your hosting log in name and pass?

 

[bl4ckwolf]

check for new php files in your folders. They may have put php scripts to re-enter your account, even if you changed your password.. they could also use yor account to do DOS attack. pay attention to your files, database and all and tell your host about the problem as security is a big concern.

 

[CrazyTech]

These Turkish hackers typically exploit programs that are not updated or are vulnerable in some fashion or another. Are you running some sort of script such as a forum or blog on these sites?

 

[frendz]

Well.. i have experienced da same thing..
i was hosting frendzshare.com then only index.html page added that u r hacked..
but as im also php scripter..i was confirm that my script was perfect..
finally i noticed that it was done by my server admin..
finally i left server..& got new my own server & now my site is ok...

this was my bad server experience.... the admin just wanted to leave the server

 

[Presto]

Check permissions (chmod) on your files - never leave anything 777 apparently.

What advice have others had when this has happened to them?

 

[3l3ctr1c]

I just did some checks and found out what the vulnerability was.

Your php script is just checking for the first header and the extension of the file, which means that an evil guy can upload a "php shell" in the extension of a gif with gif's header in the starting. This fools the script, which thinks it's a gif file. Using a php shell, if you're server is not in safe mode and the files are in 777, the evil guy can modify any file.


Check this for my proof of concept -

http://pic-spot.com/images/bfi1177575047x.jpg?

Note that it'll only execute on a IE browser. All I did was add a javascript alert() and some html to prove my point.

3l3ctr1c

 

[frendz]

What your trying to say ???

see i saw images.. its just same link in form of image...

& when i downloaded it & open in notepad. i saw

some html code that alerts
"Proof Of conecept, for upload vulnerability:D"

lol he can upload but how can he execute it ??
coz of jpg he cant ... then ??

OK ok... saw this code after ward that execute it in I.E.

but what safety shall i take..
or what should i change in script now...??

...........................................................

hey lol... i have addded some php script in it...
& uploaded.. but i got conclusion that it only executes html
not php script... you can try it..
check da link

http://pic-spot.com/images/jdv1177597497x.jpg

check out it & now say ???

 

[-bank-]

Sounds like you need an upload script that defines, before uploading, what type of file it can be, you might need to scan through the site through a file checker, maybe.

The best you can do, is if you have an admin panel for it, then view all the pictures, if a picture doesn't load, delete it, you'll need to check at least daily.

edit:.... Its not just the php, you can easily put java up and execute that, transfer a file over into the 777 folder then execute on the server.