Welcome Guest, Not a member yet? Register   Sign In
Server Got Hacked
#4

[eluser]jedd[/eluser]
Change the index.php to 444 on one of the affected hosts, and see if that saves it in the future (if the other one, left at 644, is hit again).

If they're hitting only the index.php it either means they care less about exploits and more about the publicity (this is in your favour) or that was all they could get access to (similarly, but in a different way). If you're not logging to a dedicated syslog host, then now's the time to set one up - bumping up your log level in apache/php to 'stupidly high', at least while you're investigating this.

Check any upload scripts you may have to ensure index.php can't be over-written using those. index.php is a giveaway regarding their level of intrusion, given it's the only file that can easily be guessed at the name / location of - which makes it a very attractive target.


Messages In This Thread
Server Got Hacked - by El Forum - 10-08-2009, 02:40 PM
Server Got Hacked - by El Forum - 10-08-2009, 03:56 PM
Server Got Hacked - by El Forum - 10-08-2009, 08:55 PM
Server Got Hacked - by El Forum - 10-09-2009, 05:02 AM
Server Got Hacked - by El Forum - 11-07-2009, 08:55 AM
Server Got Hacked - by El Forum - 11-08-2009, 11:19 AM



Theme © iAndrew 2016 - Forum software by © MyBB