
I've been hacked


    #16
    Whoops, sorry, that was a bit naive of me, wasn't it.



      #17
      I am using ix webhosting, I've checked my PC and done a scan and everything looks OK, it looked like it attacked my cgi-bin folder, I haven't uploaded any orders yet from the server



        #18
        You need to talk to your host, find out if it was a server-wide hack or just your site.

        If it was your site, what else are you running in the webspace? Do you have other CGI, PHP, MySQL - if you are running older versions of software they could well have vulnerabilities.

        If the hack came from your PC, then it shouldn't happen again - if you've cleaned your PC properly - but you should clear your webspace to totally be sure you've deleted the hacked files.

        We need more info from you to be of any real help.



          #19
          Originally posted by gabrielcrowe
          lol, none that I can post here.

          It's not something that is black and white, I'm afraid the vector of attack could have been anything, but you can be sure that it's probably one of these two:

          1) The computer was compromised
          The system where Actinic was installed could have been compromised. A virus from emails or other means makes it trivial to replace 'index.html' files on the local machine. Actinic would then upload this as normal. I'd suggest that Actinic should MD5 check all files on upload as well as generation, to stop this behavior.

          2) The server was compromised
          This takes 2 forms, and the second is usually the vector.
          i) FTP, it's very possible for the FTP to have been compromised, because of the nature of the hack in question (some similar hacks also have content in databases).
          ii) Web server based compromise.

          This is most likely.

          Due to the nature of Actinic (cgi-bin Perl base), there were some vulns found in some Perl. I'm sure they cleared all that up.

          This type of compromise involves using security faults in server scripts to affect files on the server. For example, a script may accept a form post. If this input is not checked for safety, then it's very likely that this input will be used to write malicious data to a disk, or even to a database.

          The latter does not affect Actinic, since there is no database.

          I think in this case, if this is a server based hack, it's most likely that unchecked Perl is the culprit, and if a local compromise is this cracker's bag, then I can't vouch for the validity of the computer in question.

          Regarding how this occasionally happens to Actinic sites, it could be that the server itself is compromised, and has nothing to do with the fact that Actinic is on it. Some servers are very badly configured and there are *plenty* of avenues of attack, trust me.

          Any (Actinic) security tips worth sharing, Gabriel? Even via a moody email.
          Football Heaven

          For all kinds of football souvenirs and memorabilia.
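
The checksum idea quoted in post #19 (hash every file at generation and check again at upload), together with the advice in #18 to be sure no hacked files remain in the webspace, can be sketched as follows. This is an added example, not Actinic's code or any poster's; it uses SHA-256 where the post says MD5, and the site layout and file names are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map relative path -> digest for every file under root (taken at generation)."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(manifest: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Check a later copy (pre-upload staging, or a mirror of the webspace)."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: index.html is altered and a stray script appears."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "cgi-bin").mkdir()
        (site / "index.html").write_text("<h1>Shop</h1>")
        (site / "cgi-bin" / "cart.pl").write_text("#!/usr/bin/perl\n")
        manifest = build_manifest(site)  # recorded right after generation
        # Simulated tampering between generation and upload
        (site / "index.html").write_text("<h1>Shop</h1><!-- injected -->")
        (site / "cgi-bin" / "extra.pl").write_text("#!/usr/bin/perl\n")
        return compare(manifest, site)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The manifest only helps if it is stored somewhere other than the machine or webspace being checked, since anyone who can rewrite the files can otherwise rewrite the recorded hashes too.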



            #20
            pmsl, I'm not moody you cad.

            Well, so far as Actinic itself goes, it's rather safe. I'd check the security record of the server.

            Of course, with greater complexity comes greater chance of error. On that note, I'd go for the simplest possible ecommerce package/setup/layout you can find/use/get/steal.

            http://www.thebunker.net/



              #21
              Originally posted by gabrielcrowe
              On that note, I'd go for the simplest possible ecommerce package/setup/layout you can find/use/get/steal.

              slip of the finger?
              Tracey



                #22
                London - not if but when
                http://www.thebunker.net/news/securi...ot_if_but_when

                When our supplier was planning their data centre move 3 or 4 years ago - one of the prerequisites was a location outside of London for much the same reasons as the above webpage. It's the same thinking as backing up your PC - plan for when and not if.

                We have several clients who came to us for the same reason - our DC is not in London.

                1&1 is also out of London, I believe webfusion is too.



                  #23
                  Originally posted by gabrielcrowe
                  pmsl, I'm not moody you cad.
                  I meant that in a way that you write. As in, you get into a flow of thought and you create some of the most thought-provoking and inspiring posts on this very forum. I wonder how many people have tried new things for the first time after reading a couple of your tutorial threads.

                  It's great to see some `article quality` threads on here as opposed to the regular questions and answers.

                  And it should be encouraged.

                  There are a lot of people on here who could contribute something worthwhile using and/or debating, I'm sure. I'm sure it'd draw more Actinic users to read and contribute to the Community in a positive way.
                  Football Heaven

                  For all kinds of football souvenirs and memorabilia.
