My almost ci site hack |
How my almost ci site more than 80 website are hacked in a single day. Notonly the old version of ci new version is also hacked from same persion. I don't know the keyroot from which file it is hacked
(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 website are hacked in a single day. Notonly the old version of ci new version is also hacked from same persion. I don't know the keyroot from which file it is hacked First shutdown all website. Did the hacker change the file content or only the website output?
First place I would check is the FTP logs. If the files where altered though FTP change FTP passwords, restore sites from your backups and also change database password afterwards.
(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files where altered though FTP change FTP passwords, restore sites from your backups and also change database password afterwards. That and if the FTP is not encrypted, that's almost 100% the problem. Never use FTP that is not encrypted. (08-14-2017, 11:47 AM)Paradinight Wrote:(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 website are hacked in a single day. Notonly the old version of ci new version is also hacked from same persion. I don't know the keyroot from which file it is hacked only the website output (08-14-2017, 07:21 PM)skunkbad Wrote:(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files where altered though FTP change FTP passwords, restore sites from your backups and also change database password afterwards. may i also need to change database sql
(08-14-2017, 07:23 PM)skunkbad Wrote:(08-14-2017, 08:54 AM)Marku Wrote: How my almost ci site more than 80 website are hacked in a single day. Notonly the old version of ci new version is also hacked from same persion. I don't know the keyroot from which file it is hacked It could be anything: - sql injection - without file check, the hacker could upload anything. eg. youurl.com/upload/badphpfile.php - misuse of shell_exec - backdoors from a former employee - old plesk, old phpmyadmin - old server version Are the 80 sites on the same server?
Make sure that you also flag your index.php with CMOD 0644
You should move your ./application and ./system folder to the root. What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
A long time ago I had this happen. I wanted to blame all of the usual suspects, but in the end I found that it was my use of plain FTP, and the fact that another computer on my network was infected with many viruses / malware. I even changed my password to FTP, but that didn't help because that other computer was sniffing network traffic, and as soon as I used another password it would grab it.
OP never said if he/she was using plain FTP. What is it OP? Ideally use SFTP, FTPes, or anything besides plain FTP. |
Welcome Guest, Not a member yet? Register Sign In |