Hackers have struck my site again


    This is the third time hackers are striking our website. They are either inserting porn links or, as of today, they inserted a fake halifax.co.uk link for phishing.

    It's either the mysite.co.uk/acatalog/DD or the mysite.co.uk/acatalog that they always add the fraudulent files.

    They also change the ownership of the directory, so I am unable to delete the hacker's files and have to contact the web hosting company to do it.

    Is there a way of stopping them doing that? I'm a bit frustrated with it.

    Thank you...
    www.grafea.co.uk
    Vintage Leather briefcases

    http://www.grafea.com
    Designer leather bags
    --------------------------
    Yanni Kioupouroglou

    #2
    Change hosting companies, 3 times really isn't acceptable!
    Cheers

    David
    Located in Edinburgh UK

    http://twitter.com/mcfinster



      #3
      Yep, change hosts.



        #4
        My host is IXWEBHOSTING, which is one of the biggest hosting companies in the globe!! How can it be the web host?
        www.grafea.co.uk
        Vintage Leather briefcases

        http://www.grafea.com
        Designer leather bags
        --------------------------
        Yanni Kioupouroglou



          #5
          I've never heard of them.



            #6
            Because we say it is.

            Put it this way, have you tried it?



              #7
              Yanni, did you change your usernames and passwords after the previous hacks?

              Mike
              -----------------------------------------

              First Tackle - Fly Fishing and Game Angling

              -----------------------------------------



                #8
                The only (I think) potential Actinic related issue is that the permissions could be wrong on the acatalog/dd directories. However, any host worth their fee should have been able to tell you this was the issue and how to fix it. In fact I would have thought they would have made sure they told you so you didn't think the issue was at their end. Anyway, presumably they haven't suggested it could be this so, they either haven't checked, didn't tell you, or it was nothing to do with Actinic at all.

                So, regardless of which one it is, I would change host!
                Cheers

                David
                Located in Edinburgh UK

                http://twitter.com/mcfinster



                  #9
                  It's based in the US.

                  What do you mean, have I tried it? We are running two online shops. We pay for a year of subscription. Changing host is not like changing email addresses. We have already paid for the year!
                  www.grafea.co.uk
                  Vintage Leather briefcases

                  http://www.grafea.com
                  Designer leather bags
                  --------------------------
                  Yanni Kioupouroglou



                    #10
                    Originally posted by Yanni:
                    "This is the third time"

                    This comment is interesting: apparently some events, permissions or situations on the server allow this vector to be used for compromise several times. This leads me to believe that this is a repeatable Actinic flaw.

                    Originally posted by Yanni:
                    "It's either the mysite.co.uk/acatalog/DD or the mysite.co.uk/acatalog that they always add the fraudulent files."

                    Yanni, I want you to do something VERY important here, and it'll help everyone.

                    Look through your logs to find the titles of the files. Post them here, you may just save some lives.

                    Originally posted by Yanni:
                    "They also change the ownership of the directory, so I am unable to delete the hacker's files and have to contact the web hosting company to do it."

                    No, what's actually happening is that scripts on your server can only run as the local Apache security level. This means that files created by them are chowned by them. The user that interacts with the FTP has no permission to delete these files.

                    This last one means that a script on the server, be it one of the Actinic Perl scripts or a script on the server in question, has the capability to drop/edit files on the server.

                    Yanni, it's imperative that you tell us EXACTLY what other software is installed on your server.

                    I'd like nothing more than any real comments from Actinic towers on this?

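An added example, not part of the thread and not Actinic's own code: a small audit that reports the two conditions raised in #8 and #10, files not owned by the site's FTP account and directories that any local account can write to. The function names and the sample tree (including `dropped.html`) are constructed for illustration, and reading "wrong permissions" as "world-writable" is an assumption.

```python
import os
import stat
import tempfile


def audit_tree(root, owner_uid):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)  # lstat: do not follow symlinks
            rel = os.path.relpath(path, root)
            # Files written by a server-side script belong to the web
            # server account, not the FTP account (the symptom in #10).
            if st.st_uid != owner_uid:
                findings.append((rel, "foreign-owner uid=%d" % st.st_uid))
            # Assumed meaning of "wrong permissions" in #8: a directory
            # that any local account, including the web server, can write to.
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable-dir"))
    return sorted(findings)


def build_sample_tree():
    """Constructed stand-in for acatalog/ with a world-writable DD/."""
    root = tempfile.mkdtemp(prefix="acatalog-")
    os.chmod(root, 0o755)
    dd = os.path.join(root, "DD")
    os.mkdir(dd)
    os.chmod(dd, 0o777)
    for rel in ("index.html", os.path.join("DD", "dropped.html")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # Run as the FTP account, so os.getuid() is the expected owner.
    for rel, reason in audit_tree(root, os.getuid()):
        print(reason, rel)
```

Run against the real `acatalog` directory from a shell or cron job under the FTP account; any `foreign-owner` line is a file the site owner did not upload.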


                      #11
                      The general consensus about IX seems to be that its marketing is considerably better than its service. You would probably be better off with someone like 1&1 (try a Google search for something like "ixwebhosting 1&1").

                      PS - content warning for viewers of the IXwebhosting website - turn your sound off before you go and be ready to click the cross on the lady ASAP

                      Aquazuro - designer stainless steel accessories



                        #12
                        You need to find out from your host if the hack is server-wide or just your site.

                        Then you need to tell us if you are running anything else in your webspace - anything other than Actinic,

                        i.e. extra CGI formmail? Or PHP, MySQL etc.

                        And tell us what version of Actinic - the comment from Actinic is sure to be that all cross scripting has been plugged in 8.5.3 onwards, therefore if it's Actinic that is being hacked you will have to upgrade - but we need the above info to determine this.



                          #13
                          This is inside my logs directory:


                          mysite.co.uk.1219795200 gz
                          mysite.co.uk.1219881600 gz
                          mysite.co.uk.1219968000 gz
                          mysite.co.uk.1220054400 gz
                          mysite.co.uk.1220140800 gz
                          mysite.co.uk.1220227200 gz
                          mysite.co.uk 1220313600


                          I'm using 1&1 for registering my domain name but I haven't tried them for hosting.

                          Also, if a website is specific for the UK market, is it better to be hosted by a UK company for better Google results?
                          www.grafea.co.uk
                          Vintage Leather briefcases

                          http://www.grafea.com
                          Designer leather bags
                          --------------------------
                          Yanni Kioupouroglou



                            #14
                            I'm running Actinic 8.5.1

                            The site has only got Actinic on it, nothing else is running in it.

                            We have both the .co.uk and the .com and we have found both to be vulnerable to hacker attacks. Both sites are hosted by IX and running Actinic 8.5.1.

                            Thanks.
                            www.grafea.co.uk
                            Vintage Leather briefcases

                            http://www.grafea.com
                            Designer leather bags
                            --------------------------
                            Yanni Kioupouroglou



                              #15
                              "Also, if a website is specific for the UK market is it better to be hosted by a UK company for better google results ?"

                              The most important thing is that it is .co.uk.

                              Some think that a UK host is also important, we use Webfusion (but be careful only some of their packages are UK based).

                              Most think that the worst from this point of view is to use a .com and a non-UK host (IX is US, 1&1 is German).

                              Aquazuro - designer stainless steel accessories
