[Solved] Johnny Hacked

[PokeNerd]

Lol, what's done is done. You can't stop something that's already happened.

I'm trying to find out what the security flaw was.

[Byron]

Yes we are aware of this and will have it corrected soon. In the meantime let's try and keep the nmultiple threads about this to a minimum.

 

Moving to customer service...

[Byron]

Well what we can see is done, but let's hope he's truly done crawling around on the new server and doesn't decide to try it again. If he happens to tell you what the flaw was, and I doubt he will, please let us know. But since the server has only been up for a few days it might just be that djbob hasn't added the extra security that stevie has.

 

 

 

 

 

[PokeNerd]

Most likely, yes.

You may have some angry customers who didn't have backups.

 

[Byron]

As far as I know nobody has lost any data. The last time we were hacked nobody had lost any files.

 

[PokeNerd]

Well, when I look at my files through FTP, every one of them's content has been replaced.

[jje]

Yeah - we haven't been hacked for months.

 

Sorry for the inconvenience!

 

The filesystem mounted at [bleeped!] on this server is running out of disk space. cPanel operations have been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition.

Probably the hackers fault, as Johnny is brand new and fairly empty.

[Byron]

Well, when I look at my files through FTP, every one of them's content has been replaced.

 

Is every file replaced with the same thing?

 

[jje]

FTP in via our Area51, Byron. Then you'll see...

 

# -FrontPage-

 

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

 

<Limit GET POST>

order deny,allow

deny from all

allow from all

</Limit>

<Limit PUT DELETE>

order deny,allow

deny from all

</Limit>

AuthName area51.heliohost.org

AuthUserFile /home/area51/public_html/_vti_pvt/service.pwd

AuthGroupFile /home/area51/public_html/_vti_pvt/service.grp

 

Lots of other files there too - looks like FrontPage 2003 work to me.

 

Looks like..... a form?

 

15 files in vti_pvt!

[Geraldo Fernandes]

[Byron]

FTP in via our Area51, Byron. Then you'll see...

 

# -FrontPage-

 

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

 

<Limit GET POST>

order deny,allow

deny from all

allow from all

</Limit>

<Limit PUT DELETE>

order deny,allow

deny from all

</Limit>

AuthName area51.heliohost.org

AuthUserFile /home/area51/public_html/_vti_pvt/service.pwd

AuthGroupFile /home/area51/public_html/_vti_pvt/service.grp

 

Lots of other files there too - looks like FrontPage 2003 work to me.

 

Looks like..... a form?

 

15 files in vti_pvt!

 

All those look like the normal frontpage files to me. The reason we are seeing the hack page on our site is because it's replacing the queued page instead.

 

 

 

 

[jje]

We are aware of this and working to fix it.

 

Please can we keep discussion related to this topic in current topics, rather than creating new ones.

 

Closing...

[jje]

@byron - Okay.

 

@everyone else - Please DO NOT create new topics related to this problem

[Howled]

Just today create a site on yestarday created account, so all my data files need to re-upload coz a hack? And i still can't login "Sorry for the inconvenience!

The filesystem mounted at /home/howled on this server is running out of disk space. cPanel operations have been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition." What i should do to log in back? Or you still not fix it, and i need to be patient and wait till fix?

[PokeNerd]

Yeah, just be patient until they fix it.

I couldn't haggle anything out of the hacker.