Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion oaow. my ci based developed website hacked
oaow. my ci based developed website hacked
  • El Forum
    Guest
  •  
#1
02-04-2012, 03:40 AM

[eluser]Sumon[/eluser]
hello experts,
just an hours earlier, i get someone hacked my website(screenshot: www.shopno-dinga.com/hacked.jpg)www.shopno-dinga.com. now i really interested to know how such hack happened? moreover, i login to root folder of my site and found an index.html which was not created by me. moreover index.php file changed. how hacker get my ftp or by some other ways they upload this index.html and index.php file into my root. but how?

i need a good explanation of how hacking happened. any further discussion/knowledge sharing is highly appriciated.
  • El Forum
    Guest
  •  
#2
02-04-2012, 04:08 AM

[eluser]InsiteFX[/eluser]
It's important that you CHMOD (set permissions) on the index.php file as read-only. Typically this means setting it to 644, or in some cases 444.
  • El Forum
    Guest
  •  
#3
02-04-2012, 08:14 AM

[eluser]Sumon[/eluser]
thank you very much. i found my settings was 644. please give me more hints how can i protect from all kind of hack.
  • El Forum
    Guest
  •  
#4
02-04-2012, 09:38 AM

[eluser]InsiteFX[/eluser]
Well the best way is to go with an SSL Certificate... https:
  • El Forum
    Guest
  •  
#5
02-04-2012, 09:39 AM

[eluser]skunkbad[/eluser]
Check your computer and all computers on your network for viruses. Make sure not to store your FTP login info on your computer, and always make sure you use a secure connection for FTP. SFTP, FTPeS, etc. I had this happen to me once, and it was because a computer on my network had a virus. Once I cleaned that up, no more problems.
  • El Forum
    Guest
  •  
#6
02-04-2012, 11:05 AM

[eluser]Sumon[/eluser]
@InsiteFX: thanks
@skunkbad: i think for me it's an virus attack. although i didn't store ftp information of hacked site. in contrast, i use FLASHFXP without any secure connection. is there are any free secured ftp software? or it's like: i have to install certificate in my hosting plan. please let me know.
anything else what possibly hacked my website?
  • El Forum
    Guest
  •  
#7
02-04-2012, 06:22 PM

[eluser]skunkbad[/eluser]
[quote author="Sumon" date="1328378709"]@InsiteFX: thanks
@skunkbad: i think for me it's an virus attack. although i didn't store ftp information of hacked site. in contrast, i use FLASHFXP without any secure connection. is there are any free secured ftp software? or it's like: i have to install certificate in my hosting plan. please let me know.
anything else what possibly hacked my website?
[/quote]

I use FileZilla for FTP, and if your host doesn't support a secure FTP connection, you really need to find a new host.
  • El Forum
    Guest
  •  
#8
02-04-2012, 10:37 PM

[eluser]vbsaltydog[/eluser]
Check your FTP access logs to see who logged in other than you.
If you have a static ip address at your home or if it rarely changes, restrict FTP access on your server from all IPs except your home IP.
Run FTP on a non standard port.
Use SCP vs FTP
etc.




Theme © iAndrew 2016 - Forum software by © MyBB