CodeIgniter Forums
My almost ci site hack - Printable Version


My almost ci site hack - Marku - 08-14-2017

How my almost ci site more than 80 websites are hacked in a single day. Not only the old version of ci, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked


RE: My almost ci site hack - Paradinight - 08-14-2017

(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 websites are hacked in a single day. Not only the old version of ci, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

First shut down all websites.
Did the hacker change the file content or only the website output?


RE: My almost ci site hack - Diederik - 08-14-2017

First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.


RE: My almost ci site hack - skunkbad - 08-14-2017

(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.

That and if the FTP is not encrypted, that's almost 100% the problem. Never use FTP that is not encrypted.


RE: My almost ci site hack - skunkbad - 08-14-2017

(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 websites are hacked in a single day. Not only the old version of ci, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

There's really no chance that this has anything to do with CI.


RE: My almost ci site hack - Marku - 08-14-2017

(08-14-2017, 11:47 AM)Paradinight Wrote:
(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 websites are hacked in a single day. Not only the old version of ci, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

First shut down all websites.
Did the hacker change the file content or only the website output?

only the website output


RE: My almost ci site hack - Marku - 08-14-2017

(08-14-2017, 07:21 PM)skunkbad Wrote:
(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.

That and if the FTP is not encrypted, that's almost 100% the problem. Never use FTP that is not encrypted.

May I also need to change database SQL?


RE: My almost ci site hack - Paradinight - 08-14-2017

(08-14-2017, 07:23 PM)skunkbad Wrote:
(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 websites are hacked in a single day. Not only the old version of ci, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

There's really no chance that this has anything to do with CI.


It could be anything:
- SQL injection
- without file check, the hacker could upload anything, e.g. youurl.com/upload/badphpfile.php
- misuse of shell_exec
- backdoors from a former employee
- old Plesk, old phpMyAdmin
- old server version

Are the 80 sites on the same server?


RE: My almost ci site hack - InsiteFX - 08-15-2017

Make sure that you also flag your index.php with CHMOD 0644

You should move your ./application and ./system folders to the root.
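
The checks raised in the posts above (were file contents changed, did a PHP file land in an upload folder, is index.php at mode 0644), as an added triage example that is not part of any forum post. The web root path, the `upload`/`uploads` directory names and the two-day window are assumptions; `-ipath` needs GNU or BSD find.

```shell
#!/bin/sh
# Added triage example, not code from the thread. Run it read-only against a
# copy or snapshot of each site's web root before restoring from backup.

# Script-like files under any directory named upload/ or uploads/ (assumed
# names). Upload folders should hold data only, so every hit needs review.
find_upload_scripts() {
    find "$1" -type f \
        \( -ipath '*/upload/*' -o -ipath '*/uploads/*' \) \
        \( -iname '*.php' -o -iname '*.php[0-9]' \
           -o -iname '*.phtml' -o -iname '*.phar' \) \
        -print | sort
}

# index.php files whose permission bits are not exactly 0644.
find_loose_index() {
    find "$1" -type f -name 'index.php' ! -perm 644 -print | sort
}

# Files modified within the last N days (default 2). An empty result supports
# "only the output changed"; hits show which file contents were touched.
find_recent_changes() {
    find "$1" -type f -mtime "-${2:-2}" -print | sort
}

# Stand-alone use: sh triage.sh /path/to/webroot [days]
if [ "$#" -ge 1 ]; then
    echo "== script files in upload directories =="
    find_upload_scripts "$1"
    echo "== index.php not at mode 0644 =="
    find_loose_index "$1"
    echo "== files changed in the last ${2:-2} day(s) =="
    find_recent_changes "$1" "${2:-2}"
fi
```

Compare the recent-changes list against the last known-good backup before deciding what to restore.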


RE: My almost ci site hack - skunkbad - 08-15-2017

A long time ago I had this happen. I wanted to blame all of the usual suspects, but in the end I found that it was my use of plain FTP, and the fact that another computer on my network was infected with many viruses / malware. I even changed my password to FTP, but that didn't help because that other computer was sniffing network traffic, and as soon as I used another password it would grab it.

OP never said if he/she was using plain FTP. What is it OP? Ideally use SFTP, FTPes, or anything besides plain FTP.