My almost ci site hack
#1

How my almost CI site more than 80 websites are hacked in a single day. Not only the old version of CI, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked
Reply
#2

(08-14-2017, 08:54 AM)Marku Wrote: How my almost CI site more than 80 websites are hacked in a single day. Not only the old version of CI, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

First shut down all websites.
Did the hacker change the file content or only the website output?
Reply
#3

First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.
Reply
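The FTP log check suggested in post #3, as an added example that is not part of the original thread: it flags accounts that uploaded script files to several sites from one address. It assumes the server writes the standard xferlog format and that sites live under /var/www/<site>/; the account name, addresses and paths are constructed.

```python
from collections import defaultdict
from datetime import datetime

SCRIPT_EXT = (".php", ".phtml", ".phar", ".htaccess")

# Constructed sample lines in the standard xferlog format (not from the thread).
SAMPLE_LOG = """\
Mon Aug 14 03:10:01 2017 1 198.51.100.7 5120 /var/www/site01/index.php b _ i r webadmin ftp 0 * c
Mon Aug 14 03:10:04 2017 1 198.51.100.7 5120 /var/www/site02/index.php b _ i r webadmin ftp 0 * c
Mon Aug 14 03:10:09 2017 1 198.51.100.7 812 /var/www/site03/upload/x.php b _ i r webadmin ftp 0 * c
Sun Aug 13 17:42:10 2017 2 192.0.2.20 20480 /var/www/site01/assets/logo.png b _ i r webadmin ftp 0 * c
Sun Aug 13 17:45:00 2017 1 192.0.2.20 900 /var/www/site01/index.php b _ o r webadmin ftp 0 * c
this line is truncated
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog entry, or None if the line is malformed."""
    tok = line.split()
    if len(tok) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    # Fixed fields sit on both sides of the filename, so take it from the middle.
    return {"time": when, "host": tok[6], "path": " ".join(tok[8:-9]),
            "direction": tok[-7], "user": tok[-5], "status": tok[-1]}

def suspicious_uploads(log_text, min_sites=2):
    """Group completed script uploads by (user, host); flag those spanning many sites."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_xferlog_line(line)
        if not e or e["direction"] != "i" or e["status"] != "c":
            continue  # keep only completed incoming transfers (uploads)
        if e["path"].lower().endswith(SCRIPT_EXT):
            hits[(e["user"], e["host"])].append(e)
    report = {}
    for key, entries in hits.items():
        # Assumed layout: /var/www/<site>/..., so path component 3 names the site.
        sites = {e["path"].split("/")[3] for e in entries if e["path"].count("/") >= 4}
        if len(sites) >= min_sites:
            report[key] = {"sites": sorted(sites), "first": min(x["time"] for x in entries),
                           "files": [x["path"] for x in entries]}
    return report

if __name__ == "__main__":
    for (user, host), info in suspicious_uploads(SAMPLE_LOG).items():
        print(user, host, info["first"], info["sites"])
```

The earliest timestamp in each report entry gives a point before which backups can be treated as candidates for a clean restore.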
#4

(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.

That and if the FTP is not encrypted, that's almost 100% the problem. Never use FTP that is not encrypted.
Reply
#5

(08-14-2017, 08:54 AM)Marku Wrote: How my almost CI site more than 80 websites are hacked in a single day. Not only the old version of CI, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

There's really no chance that this has anything to do with CI.
Reply
#6

(08-14-2017, 11:47 AM)Paradinight Wrote:
(08-14-2017, 08:54 AM)Marku Wrote: How my almost CI site more than 80 websites are hacked in a single day. Not only the old version of CI, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

First shut down all websites.
Did the hacker change the file content or only the website output?

Only the website output.
Reply
#7

(08-14-2017, 07:21 PM)skunkbad Wrote:
(08-14-2017, 12:03 PM)Diederik Wrote: First place I would check is the FTP logs. If the files were altered through FTP, change FTP passwords, restore sites from your backups and also change the database password afterwards.

That and if the FTP is not encrypted, that's almost 100% the problem. Never use FTP that is not encrypted.

May I also need to change database SQL?
Reply
#8

(08-14-2017, 07:23 PM)skunkbad Wrote:
(08-14-2017, 08:54 AM)Marku Wrote: How my almost CI site more than 80 websites are hacked in a single day. Not only the old version of CI, the new version is also hacked from the same person. I don't know the keyroot from which file it is hacked

There's really no chance that this has anything to do with CI.


It could be anything:
- SQL injection
- without file check, the hacker could upload anything, e.g. youurl.com/upload/badphpfile.php
- misuse of shell_exec
- backdoors from a former employee
- old Plesk, old phpMyAdmin
- old server version

Are the 80 sites on the same server?
Reply
#9

Make sure that you also flag your index.php with CHMOD 0644.

You should move your ./application and ./system folders to the root.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#10

A long time ago I had this happen. I wanted to blame all of the usual suspects, but in the end I found that it was my use of plain FTP, and the fact that another computer on my network was infected with many viruses / malware. I even changed my password to FTP, but that didn't help because that other computer was sniffing network traffic, and as soon as I used another password it would grab it.

OP never said if he/she was using plain FTP. What is it, OP? Ideally use SFTP, FTPES, or anything besides plain FTP.
Reply



