Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

site hacked !

  • 03-08-2009 7:05pm
    #1
    Closed Accounts Posts: 85 ✭✭


    Hi,

    I run a small website - php running of a CMS called phpWebSite - and it got hacked recently. 3 directories appeared in the site with phishing forms for 3 different banks, which would harvest details people entered and email them to different yahoo and gmail accounts.

    Anytime I tried to delete these directories the would appear again straight away - some process must have been polling and recreating them again - anyone have experience of dealing with something like this ?? Very irritating ...............


Comments

  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    If apache, is there a htaccess file present that looks suspicious?

    Make sure none of your directorys are open to writing, CHMOD 777 for eg.


  • Registered Users, Registered Users 2 Posts: 569 ✭✭✭none


    Change FTP password.


  • Registered Users, Registered Users 2 Posts: 6,465 ✭✭✭MOH


    It never struck me before as I generally just ignore those phisihing e-mails, but I guess it's a good idea to mail the admin of the site they're pointing to in case they haven't noticed them.


  • Registered Users, Registered Users 2 Posts: 691 ✭✭✭$ausage$


    Messy! did you find out how they got in?


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    sounds like gumblar or a variant.

    make sure your using scp and not FTP.

    change ftp passwords etc


  • Advertisement
  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    If it's Gumblar you'll have some wierd script stuff just at the end of the head of your pages. You could also have some hidden iframe injected into your pages from something not quite Gumblar.

    Backup all of your site, edit files to remove the line with the script. Remove all your pages and directories by ftp, contact your hoster if problems. Clean your pc for viruses, malware and you might as well do adware too. Hopefully your AV should be up to standard and up to date and find it. Similarly, clean all other pc's on your network. Change your ftp passwords from a clean pc which has been no where near your network/pc's, a cybercafe is good for this. It's important this must be done from a clean pc otherwise you could be wasting your time. Upload your clean files and watch the files on the server like a hawk for a few days. Repeat for any people you got to check the site for you.

    hth


  • Closed Accounts Posts: 845 ✭✭✭yupyup7up


    change all your FTP passwords and delete any password files. run anti virus and anti spyware SW. yeah that iframe virus is a pain in the orse...:mad: just make sure all the passwords are kept off any machine on your network!


Advertisement