-
November 26th, 2003, 04:58 PM
#41
Really the only thing you can do since this is hosted by someone other than you, is to just bug them about security. You can't really fix any holes because it is not your server. It is illegal for us to check for holes because the hosting company probably wouldn't like that. It should be the responsibility of the hosting company to secure their server to the best of their ability. And if they can't keep it reasonably secure, you need to look elsewhere for hosting.
edit
oops, I had made a big booboo in my post, on this part "And if they can't keep it reasonably secure, you need to look elsewhere for hosting." It had said can before, and that is not right. Sorry about that, all fixed now.
-
November 26th, 2003, 05:13 PM
#42
Member
I see.... so if I get it right, then it's not possible to hack just OUR site? They HAVE to go through the server for getting there? ....
This is all so VERY confusing....if they can't hack our site on its own, then it's not much use breaking my head over whether or not it's secure or not....it's the server who's gotta worry about that then....
-
November 26th, 2003, 05:22 PM
#43
Now you are on the right track....if your hosting company cannot help keep their site secure, then they are not worth your money? And to hack your site in the first place, they (maybe) had to exploit a vulnerability on the server...it depends on whether they are just hosting, or if they set things up for you.
The other question that I don't recall being asked...do you have backups of all your information? Does your host keep backups for you?
EDIT: IMHO, if your hosting company is truly reputable, they will be bending over backwards to help you....a little bad publicity goes a long way.
Were there any other sites hosted by this company that suffered the same?
-
November 26th, 2003, 05:31 PM
#44
Member
We keep backups ourselves, yes. My "boss" makes a backup every month, and as I'm doing all the design & updates, I have the latest version of the pages on my PC anyway.
I don't know if there have been others "hit", but from what we've gathered while spitting this out, the server does have the latest of the latest versions running.....we did report the "hacking" though, so I'm sure they'll do what's needed to prevent it for as much as that's possible. We can't complain really, this is the first time in 3 years this has happened to us ....
-
November 26th, 2003, 05:39 PM
#45
A couple of questions -
Are you running server-side javascript?
Do you have any data entry forms (guest book?) where that data is then displayed in html ?
If that is the case then it isn't too difficult to mess up your system, and if the server-side javascript is enabled it can be really messed up.
See these links:
http://www.securitytracker.com/alert...r/1004045.html
http://authors.aspalliance.com/gluck/security_part2.asp
Reading the rest of this discussion I would be surprised if this is what was used to exploit your system, but it's worth mentioning.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
November 26th, 2003, 06:33 PM
#46
Member
Uhm no, we don't have a guestbook, just a phpBB but the HTML is turned off there, and we got some SSI, no javascripts are used there though.
-
November 26th, 2003, 07:13 PM
#47
Member
Isn't it the job of the hosting company to back up all the data on their server (I am not telling the client should not) and restore everything if situations like this occur....?
I think this is one of those mass defacements.......and it's the hosting company's fault.........if they got in thru a hole in your site, the hosting company would have put all blames on you by now... and I believe it's the responsibility of the hosting company to check what all craps are running on their server........just my 2c worth :-)
-
November 26th, 2003, 07:50 PM
#48
Senior Member
These guys are from Brazil..so I'm 99% sure it's the phpBB where they got in (ver. 2.0.5/6??).
http://news.softpedia.com/news/2/200...ber/4820.shtml
to fix it read:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=135116
or do:
http://www.google.com/search?q=phpBB...UTF-8&oe=utf-8
too many and they even made it more miserable...
have a nice day
-
November 26th, 2003, 08:21 PM
#49
Member
Well, I guess we're okay then cuz we have version 2.0.4 and it seems the hole came with something they tried to improve for the versions that came after ....
We checked for holes in our BB, and took all the precautions we possibly can.
-
November 27th, 2003, 12:09 AM
#50
The X FREE team is a well known, highly skilled and very organized trophy hacking group. I know they have about 1,000 - 1,200 defacements to their name. Someone mentioned they are from Brazil, yes, they are. You can actually find them out on IRC though I forget the exact channel on chatnet.
As far as catching them goes, you have a better chance at winning the lottery.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden