RPGDX: The center of Indie-RPG gaming
DeveloperX
202192397


Joined: 04 May 2003
Posts: 1623
Location: Decatur, IL, USA

Posted: Thu Apr 24, 2008 9:57 pm    Post subject: someone had the audacity to take down my website!

Yesterday about 3pm, some fucktard decided it would be a good idea to hack into my server, and start uploading and deleting things.

Once this person realized I was onto him/her they then cleared the server access logs before I could read them (I check them weekly...and this time it was empty!) and then proceeded to delete EVERYTHING from the site.

Just look at what I'm left with:

http://www.ccpssolutions.com

I've since changed all the passwords I've used anywhere and doubled the complexity. If I find who did this, I'm going to kill them.
_________________
Senior Technical Director
Bang Bang Attack Studios
See my professional portfolio
Back to top  
Terry
Spectral Form


Joined: 16 Jun 2002
Posts: 798
Location: Dublin, Ireland

Posted: Thu Apr 24, 2008 11:46 pm

Ouch :( Sorry to hear that...
_________________
http://www.distractionware.com
Back to top  
RedSlash
Mage


Joined: 12 May 2005
Posts: 331

Posted: Fri Apr 25, 2008 12:10 am

Wow, that really sucks. Who do you host with? Are they able to provide you with more information? Hopefully, you've been doing the weekly thing of keeping backups.
Back to top  
DeveloperX
202192397


Joined: 04 May 2003
Posts: 1623
Location: Decatur, IL, USA

Posted: Fri Apr 25, 2008 6:12 am

I hadn't had a full backup in a long time, so it's going to take at least 6 months of DVD searching to locate all the information that I had on there.

Had hosting with GoDaddy; but their support for something in this case is nil. >_< I tried everything I could to get an IP on the attacker, no go. I have a feeling that they might have abused some poorly written PHP scripts that I had...although buried 12+ folders deep...nothing named like something to use to initiate an attack either.

I really would like to know who did this, so if ANYONE hears or sees anything posted anywhere online about this, let me know.
I'll personally give $100 USD to whoever puts this fucker in jail and gets a written confession out of him.
_________________
Senior Technical Director
Bang Bang Attack Studios
See my professional portfolio
Back to top  
valderman
Mage


Joined: 29 Aug 2002
Posts: 334
Location: Gothenburg, Sweden

Posted: Fri Apr 25, 2008 6:46 am

If it's your server, do a clean reinstall of everything, including the OS. If the attacker had enough privileges that he could clean the access logs, there is no way for you to trust the machine anymore.

Then do a thorough review of everything public-facing you put on there in the future. And start making backups. Seriously. I learned it the hard way too.

Finally, even though this might seem obvious, look over your passwords. Changing from "deathstar" to "strawberry" or "c0c0nu7$" doesn't add anything at all to your password strength.
Back to top  
cowgod
Wandering Minstrel


Joined: 22 Nov 2005
Posts: 114
Location: Pittsburgh, USA

Posted: Fri Apr 25, 2008 6:15 pm

I had something similar happen to me once. I had some PHP scripts that wrote some files, so I had to have write access on one folder for it to work.

Now, I don't use that particular PHP script at all because it was pretty much unnecessary. I just create the files with a Java program I wrote and then upload them.

For other PHP scripts, I've found that it is much more secure to use a database. I need not alter any permissions for any folders that way.

I don't understand exactly why I need world write access to write a file to the server with PHP but don't need any write access to write to a database, but that's the way it seems to be.
Back to top  
RedSlash
Mage


Joined: 12 May 2005
Posts: 331

Posted: Fri Apr 25, 2008 8:57 pm

The reason for world-writable permissions for uploads is that your hosting provider set up the web server (and PHP) to run under a global username, which is a different user than your account. This practice is considered insecure because it allows all users under the same server access to all your files, including your PHP scripts, which may contain sensitive information such as database passwords, etc.
It is unlikely that DevX got hacked this way given that all his files were cleared out. I'd guess it would more likely be an insecure script, or that he had his password compromised.
Back to top  
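The shared-host permission setup discussed in the last two posts can be checked from a shell. This is an added example, not code from any poster in the thread: it lists directories writable by every account on the host and PHP files readable by every account. The function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the permission problems described in the thread.
# The directory layout and file names below are constructed for illustration.

# Directories that every local account can write to (o+w).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# PHP files that every local account can read (o+r); on shared hosts
# these may hold database passwords.
world_readable_php() {
    find "$1" -type f -name '*.php' -perm -0004 -print | sort
}

# Print a report; return 1 if anything was flagged, 0 if the tree is clean.
audit_webroot() {
    dirs=$(world_writable_dirs "$1")
    php=$(world_readable_php "$1")
    if [ -z "$dirs" ] && [ -z "$php" ]; then
        echo "no world-writable directories or world-readable PHP files"
        return 0
    fi
    if [ -n "$dirs" ]; then
        printf 'world-writable directories:\n%s\n' "$dirs"
    fi
    if [ -n "$php" ]; then
        printf 'world-readable PHP files:\n%s\n' "$php"
    fi
    return 1
}

# Build a constructed sample web root and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site/uploads" "$d/site/inc"
    echo '<?php $db_pass = "constructed-example"; ?>' > "$d/site/inc/config.php"
    echo '<?php echo "hello"; ?>' > "$d/site/index.php"
    chmod 755 "$d/site" "$d/site/inc"
    chmod 777 "$d/site/uploads"          # what an upload script on such a host needs
    chmod 644 "$d/site/inc/config.php"   # readable by every account
    chmod 600 "$d/site/index.php"        # owner only
    echo "$d/site"
}

tree=$(make_sample_tree)
if audit_webroot "$tree"; then echo "clean"; else echo "review the paths above"; fi
rm -rf "${tree%/site}"
```

Whether the flagged modes can be tightened depends on which user the host runs PHP as; where scripts run under the account's own user, group/other bits can usually be dropped.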