websites hacked
Hi Guys
Just had two websites I run hacked, both using concrete5. One of them had the very latest update but was still hacked. I don't know how they got in just yet, but one is now back online from a backup. Is there a list of folders I can check to make sure that they are not writable from the web? Could you post a list please?
Are you hosting on Media Temple?
Hi Mnkras
No, I am not hosting on Media Temple. I think I found the hack: they managed to change a file. The file was set to 644 permissions. I mainly access via FTP using the FileZilla client.
You probably already know this, but if you're uploading with FTP, make sure that you're doing so over SSH with SFTP, otherwise you're sending your username and password in clear text over the web. Also, if you're on a shared server, it's very likely that they figured out a way to get into your account through someone else's account, or perhaps they got root access to that box. In that case you may want to check with your host to see if other sites on that server were also hacked.
I am somewhat confused. Did they change the owner of "suspect" file?
A permission of 644 is Owner=read+write, Group=read only, All=read only.
Unless they have access to your account (via login username/password) or changed the owner of the file, they had effectively locked themselves out completely from that file. That does not make much sense.
BTW, a permission setting of 644 with owner/group set to your username is the default file creation permission on most Linux systems.
644 is the right permission for most files. It's most likely your host.
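An added example, not part of the thread or of concrete5: one way to run the check asked for at the top, listing everything under a web root that someone other than the owner can write to, or that is owned by another account (the two cases the 644 discussion turns on). The function name, the web root path you pass in and the expected owner are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for entries that accounts other than the
# expected owner can modify. The directory and owner arguments are assumptions
# you supply for your own hosting account.

# audit_webroot DIR [OWNER]
# Prints one finding per line and returns 1 if anything was found, 0 if clean.
audit_webroot() {
    root=$1
    # Expected owner; defaults to the account running the audit. A numeric
    # uid is used because find -user accepts it.
    owner=${2:-$(id -u)}

    findings=$(
        # Mode has group-write (020) or other-write (002) set, e.g. 664, 666,
        # 775 or 777. A 644 file or a 755 directory does not match.
        find "$root" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'
        # Owned by some other account (for example the web server user).
        # A 644 file is still writable by whoever owns it.
        find "$root" ! -user "$owner" -print | sed 's/^/OWNER /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as the account that owns the site, for example `audit_webroot /path/to/webroot`; any `OWNER` line on a shared host is worth raising with the hosting provider.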