Welcome Guest, Not a member yet? Register   Sign In
Security issue- Index.php file permission set to 00
#1

[eluser]OJ[/eluser]
Guys,
Some hackers shut my site down. They updated my index.php file bu setting the file permission to 00.
Does any one know the quick way to fix this. My host is delaying intheir investigations. I read some other thread but no clear solution.
Does anyone know?
#2

[eluser]skunkbad[/eluser]
[quote author="OJ" date="1273408261"]Guys,
Some hackers shut my site down. They updated my index.php file bu setting the file permission to 00.
Does any one know the quick way to fix this. My host is delaying intheir investigations. I read some other thread but no clear solution.
Does anyone know?[/quote]

From my experience in the past, setting permissions to 000 on a shared host requires them to reset the permissions. You no longer control the file.
#3

[eluser]OJ[/eluser]
Yes, they are probably going to reset the permission but I don't understand how it could happened and how to prevent future occurrence. Any ideas?
#4

[eluser]hugle[/eluser]
the question here is. how did they did that. maybe they hacked your ftp account or smth like that.
change ftp passwords, scan your pc for viruses.

also check all the forms, where you allow public users to upload/post some data to your server

maybe you have been exploited or smth
#5

[eluser]cahva[/eluser]
OJ, I recommend that ANYONE who has access to FTP your site make total virus-check on their machines. Theres couple of viruses currently in the wild that hijack FTP username and password from the user. Although I havent crossed this particular one if it sets permissions to 000. Usually these just inject index with some javascript.

And as hugle said, logs should be checked. Usually it's easy to see from the FTP-access log that there is someone with different IP and country than usually.
#6

[eluser]OJ[/eluser]
Thanks Guys, after investigation, my host company said, some guy was spamming my site for more than 90 seconds and they decided to shutdown my site. Too bad anyways and they couldn't even send me an email.
I was sure that I didn't share my ftp account with any one. In this case it was the ISP admin that hacked my site. This is an experience anyways but another disadvantage of using the index.php as the entry point.
I was wondering if I could use another file name instead of the popular index.php as the entry point to my site.
I am not sure if it is safe to use the following entry in htaccess as a subsitute to bare index.php

DirectoryIndex safefile.php

Has any one tried it?
#7

[eluser]skunkbad[/eluser]
You could probably do something like this in .htaccess:

Code:
DirectoryIndex front.php

RewriteEngine On
RewriteBase /
RewriteRule ^(system|application|cgi-bin) - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* front.php/$0 [PT,L]

This would mean you would be routing through front.php instead of index.php. What is interesting is that I have had one of the FTP viruses on my network, and those viruses were looking for index files. Since you didn't have a virus, I know that's not your issue, but changing from index.php to front.php could make a difference if you did.
#8

[eluser]cahva[/eluser]
[quote author="skunkbad" date="1273460845"]What is interesting is that I have had one of the FTP viruses on my network, and those viruses were looking for index files. Since you didn't have a virus, I know that's not your issue, but changing from index.php to front.php could make a difference if you did.[/quote]

You're absolutely right. Our customers who had this virus had these popular index files infected: index.* default.* and main.*

Quote:Thanks Guys, after investigation, my host company said, some guy was spamming my site for more than 90 seconds and they decided to shutdown my site.
This is something we have to do also from time to time if we notice high mailing levels(usually spam). But ofcourse we try to get hold of the site owner/admin after closing site temporarily. Thats not cool if they didnt contact you about the matter..
#9

[eluser]OJ[/eluser]
Thanks Guys for being so responsive to this issue. I will say goodbye to index.php. I will use the htaccess code as described above.
I am happy that there is a solution to this.
Cheers guys!!




Theme © iAndrew 2016 - Forum software by © MyBB