Announcement

**rmladden** · 20-Dec-2004, 05:27 PM

It looks like your site was hacked. Contact your ISP. All the .html files in the acatalog folder have been modified on 20 Dec 04 14:37.

Also have your ISP forbid listing your folder or create an index.html.

You do have one order file to retrieve.

If your ISP says it is safe, you'll have to do a site refresh. Change the password.

**rubbadubbadoo** · 20-Dec-2004, 05:31 PM

Well my index.html is actually at http://www.rubbadubbadoo.co.uk

Im a bit of a cowboy and the shop is sorta seperate from the homepage

**Darren B** · 20-Dec-2004, 05:41 PM

I would say it is quite probable that this came from one of these IP address
172.203.3.239
84.65.9.178
212.219.63.82

only a guess but these where the ones on you site around the time it hapened

i agree change your shop.html to index.html
also change your user name and password

Cheers
Darren

**rubbadubbadoo** · 20-Dec-2004, 05:42 PM

My shop isnt my homepage so cant do that....?

Do you mean change my host username and password?

**rmladden** · 20-Dec-2004, 06:09 PM

You should at least create a dummy index.html in the acatalog folder to keep people from browsing your folder. But that is not your immediate problem.

Easyspace has some vunerability that allowed a worm into their servers. By now you should have talked to them. When they patch that, it would be a good idea to change the password for FTP.

**rubbadubbadoo** · 20-Dec-2004, 06:16 PM

Hi thanks, i have emailed them and await a response. How would i go about creating a dummy index.html? Sorry I am a bit new to this....

Cheers for all your help
Alex

**dalydesign** · 22-Dec-2004, 10:50 AM

I had the exact same problem.

I did a site refresh, and added the index.html page.

This seems to have fixed it for the moment.

**rubbadubbadoo** · 22-Dec-2004, 10:53 AM

Hi pdaly, thats good to know. I have now done me dummy index pages so I will refresh again and hope it sorts it!

Cheers!

**Nadeem** · 22-Dec-2004, 11:06 AM

Hi there

Support has had two calls on the same issue yesterday. We told those clients to contact their webhosting company and change the ftp password.

Kind Regars

**rmladden** · 22-Dec-2004, 11:54 AM

Santy Worm

It's a new worm. See http://www.internetnews.com/security...le.php/3450711

**pinbrook** · 22-Dec-2004, 12:16 PM

I think Actinic should put some kind of security warning on the ability to change shop default page from index.html to xxx.html

The people most likely to change this option are mainly people who have no idea of the consequences of having a folder with no index file in it

**rubbadubbadoo** · 22-Dec-2004, 06:21 PM

Originally posted by Nadeem

Hi there

Support has had two calls on the same issue yesterday. We told those clients to contact their webhosting company and change the ftp password.

Kind Regars

So will changing the ftp password sort it out or will servers need to be patched?

Regards
Alex

**pinbrook** · 22-Dec-2004, 06:27 PM

Easy Space will be sorting out their servers. It is advisable to change your FTP password as it has been breached.

**rubbadubbadoo** · 22-Dec-2004, 06:39 PM

yea, done that already altho it takes up to xx hours to take effect

Announcement

Help!!!

Help!!!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment