January 20th, 2012, 02:50 PM
#11
Junior Member
Instronics and Muracu, that's a lot of very helpful information. (My only criticism is that there's no real connection between it and my easily misinterpreted comment about a "back door!")
Some specific responses:
> Saying that you are certain that these modifications are not done by hand...

The lawyer in me says I should point this out: I didn't say that; I only said that they "look automated to me." I detest people who claim to be certain of things that are merely possible or probable, so I'm sensitive to imputations that I have done it myself (and I am mortified when I actually do it myself)!

> Out of interest... you say the modified code redirects you to some suspicious site? What site is that?

There has actually been a fourth attack since my OP... same domain, same technique, different site. The first one was http://margingradient.ru. The second was http://changedivstyle.ru; the full URL was http://changedivstyle.ru/vis/index.php.

I've set permissions on both .htaccess and index.php to 404, which I hope will stave off further attacks until I can resolve the root (pun intended) problem.

> He allows FTP access without encryption??????

Not merely allows it... practically requires it. I didn't even know SFTP was available until I stumbled across the fact on another blog while researching this problem. My reaction is about the same as yours, although I confess that I shrugged it off until we started having problems.

> In any case... you can not solve the issue without having root access to the host machine...

That's pretty much what I wanted to confirm. It sounds like the only thing I can do on my own initiative is demand SFTP access, and I can't even get it without the host's cooperation.

> One more thing... you mention that you are thinking about going for a dedicated box. Do you have the means of securing & administrating this properly?

No, we most certainly do not. That is what has deterred me from recommending it up to now.

If we do go to a dedicated server, we need to find another host who will provide one while retaining responsibility for system management. I recognize that that implies the host will retain a great degree of control... we can't expect them to be responsible for system management if we have authority to fool around with the HTTP server's configuration and such. That's not a problem for us... lack of security, and lack of ability to control things like php.ini, are problems.

> ...check the time stamp on the script to see when it was modified if possible.

I did that, and found that the break-in was not logged. I infer (but cannot prove) that it was not accomplished through FTP.
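A check for the tampering discussed in this post, as an added example that is not part of the original post or thread: it walks a web root, finds `.htaccess` and `index.php` files that mention either domain named above, and reports each file's modification time and permission bits so they can be compared against the host's logs. The function names and the sample files written by `demo()` are constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Domains named in the post; extend the tuple as new redirect targets appear.
REDIRECT_DOMAINS = ("margingradient.ru", "changedivstyle.ru")
WATCHED_NAMES = {".htaccess", "index.php"}  # files the post says were modified
DOMAIN_RE = re.compile("|".join(re.escape(d) for d in REDIRECT_DOMAINS), re.I)


def scan_docroot(docroot):
    """Return one finding per watched file that references a listed domain."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name not in WATCHED_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read()
                st = os.stat(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = sorted({m.group(0).lower() for m in DOMAIN_RE.finditer(text)})
            if hits:
                mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                findings.append({
                    "path": path,
                    "domains": hits,
                    "mtime_utc": mtime.isoformat(),  # compare with FTP/HTTP logs
                    "mode": oct(st.st_mode & 0o777),
                })
    return findings


def demo():
    """Build a constructed web root with one clean and one flagged file."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "blog"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, "blog", ".htaccess"), "w") as fh:
        fh.write("# constructed sample: http://ChangeDivStyle.ru/vis/index.php\n")
    return scan_docroot(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a shared host without root access, `scan_docroot` can be pointed at the account's own web directory and run on a schedule to catch a repeat modification early.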