This morning while blog hopping I came across Paulo Martinez's website, where he discusses his experience when his website was hacked and how he overcame it. I thought of sharing this with you, with a link to his site.
My daughter’s website was also hacked during the later part of 2007, which brought her a couple of sleepless nights. I saw her in tears and thought she was having a personal problem, and I was ready to listen, but the culprit was these son@#$ hackers.
Here is the story:
Cross Script Hacking - A Threat For All Bloggers
For days, my blog had been infected by a trojan virus. I was not aware of it until entrecard.com informed me that they had to remove my site from their network because a trojan virus was found. I really panicked! It was like the whole world fell down on me.
I contacted my host to help me remove the virus and with their help, I’ve learned a lot about the situation.
The attack is called cross scripting hacking, which can be done from any part of the world via a browser because of these possible reasons:
1) Old versions of PHP applications that are not upgraded
2) Weak PHP code in custom pages
3) Unwanted permissions like 755 or 777 on the directories and files.
This type of hacking is carried out by the following methods:
1) The attacker finds a hole in your user's local PHP scripts, HTML scripts, JavaScript, etc.
2) They inject their own PHP, Java, HTML code from a remote file, making it run as if they had uploaded the page by regular FTP.
3) There are numerous ways you can easily collect the usernames of accounts if your account is insecure.
4) You can start to then brute guess passwords of user accounts
5) You can then start scouring the server for local exploits and use them to your advantage.
The hacker will check to see if wget, gcc and other system binaries are on the system and are accessible to use.
6) With a list of what's installed and what they can use, they can now download hacks and start trying to crack your account and compiling code attempting to gain root, etc.
7) They can search any and all 777 permission files/directories and inject whatever they feel like.
To solve the problem, my host advised me to re-upload my site to overwrite the infected files.
I also found out that the IPs which were found are from Ukraine, and they are already blocked on my host’s server. But the attack is taking place by changing the IPs, so they still told me to fix the permissions and upgrade the PHP applications.
My site is OK now and thanks to God I got rid of that virus! My thanks also to Nicola of the support team from 3ix.com.
Thanks Paulo for this very informative post!
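The two clean-up steps in the story, overwriting infected files from a clean copy and fixing permissions, can be checked with a short audit script. This is an added example, not code from Paulo's post or from his host; the function names and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Directories are passed in
# as arguments; nothing here is specific to any one host.

# Print every file or directory under $1 that any local account can write
# to (the "other write" bit, which is set on 777 paths). Symlinks are
# skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Clear only the other-write bit on those paths; owner and group bits are
# left exactly as they were.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Compare the live site ($2) with a known-clean copy ($1), such as the
# backup you are about to re-upload. Reports files that exist only on the
# live site (ADDED) or whose contents differ from the clean copy (MODIFIED).
list_changed_vs_clean() {
    clean=$1
    live=$2
    ( cd "$live" && find . -type f -print ) | sort | while IFS= read -r f; do
        if [ ! -f "$clean/$f" ]; then
            printf 'ADDED %s\n' "$f"
        elif ! cmp -s "$clean/$f" "$live/$f"; then
            printf 'MODIFIED %s\n' "$f"
        fi
    done
}

# Usage: sh audit.sh LIVE_DIR [CLEAN_DIR]
if [ "$#" -ge 1 ]; then
    echo "World-writable paths under $1:"
    list_world_writable "$1"
    if [ "$#" -ge 2 ]; then
        echo "Files changed or added compared with $2:"
        list_changed_vs_clean "$2" "$1"
    fi
fi
```

Review the ADDED and MODIFIED list before overwriting anything, since it shows which files were touched and is lost once the clean copy is re-uploaded.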
But wait before I forget:
One minute Commercial:
Philippine Blog Contest - If this is not too much to ask? Kindly give me your two clicks of time to vote on this website. Please direct your mouse on this link http://www.gotpinoy.com/voteblog.cfm?BlogID=54 – Thank you so much!
Ramon





on Feb 12th, 2008 at 10:34 am
Kuya,
Go to wordpress.org or wordpress.com and search “Math anti-spam”… After doing that, upload the file to your /wp-content/plugin directory, go to your dashboard and plugin tab… Just click activate plugin when you see the plugin and that’s it. It’s ready to go.
You can upload the Math Anti-spam plugin file (extracted file, OK, not the .zip file. Extract the .zip before uploading to the said directory) using any FTP software like Filezilla. If you don’t have one, better download Filezilla. It’s free software (open source).
on Feb 12th, 2008 at 10:05 pm
Jessie - Thanks a lot. Done! Hope it will work out fine.