DeveloperX 202192397
Joined: 04 May 2003 Posts: 1626 Location: Decatur, IL, USA
Posted: Thu Apr 24, 2008 9:57 pm Post subject: someone had the audacity to take down my website! |
Yesterday about 3pm, some fucktard decided it would be a good idea to hack into my server, and start uploading and deleting things.
Once this person realized I was onto him/her they then cleared the server access logs before I could read them (I check them weekly...and this time it was empty!) and then proceeded to delete EVERYTHING from the site.
Just look at what I'm left with:
http://www.ccpssolutions.com
I've since changed all the passwords I've used anywhere and doubled the complexity. If I find who did this, I'm going to kill them.
_________________
Principal Software Architect
Rambling Indie Games, LLC
See my professional portfolio
Terry Spectral Form
Joined: 16 Jun 2002 Posts: 798 Location: Dublin, Ireland
RedSlash Mage
Joined: 12 May 2005 Posts: 331
Posted: Fri Apr 25, 2008 12:10 am Post subject: |
Wow, that really sucks. Who do you host with? Are they able to provide you with more information? Hopefully, you've been doing the weekly thing of keeping backups.
DeveloperX 202192397
Joined: 04 May 2003 Posts: 1626 Location: Decatur, IL, USA
Posted: Fri Apr 25, 2008 6:12 am Post subject: |
I hadn't had a full backup in a long time, so it's going to take at least 6 months of DVD searching to locate all the information that I had on there.
Had hosting with GoDaddy; but their support for something in this case is nil. >_< I tried everything I could to get an IP on the attacker, no go. I have a feeling that they might have abused some poorly written PHP scripts that I had...although buried 12+ folders deep..nothing named like something to use to initiate an attack either.
I really would like to know who did this, so if ANYONE hears or sees anything posted anywhere online about this, let me know.
I'll personally give $100 USD to whoever puts this fucker in jail and gets a written confession out of him.
valderman Mage
Joined: 29 Aug 2002 Posts: 334 Location: Gothenburg, Sweden
Posted: Fri Apr 25, 2008 6:46 am Post subject: |
If it's your server, do a clean reinstall of everything, including the OS. If the attacker had enough privileges that he could clean the access logs, there is no way for you to trust the machine anymore.
Then do a thorough review of everything public-facing you put on there in the future. And start making backups. Seriously. I learned it the hard way too.
Finally, even though this might seem obvious, look over your passwords. Changing from "deathstar" to "strawberry" or "c0c0nu7$" doesn't add anything at all to your password strength.
cowgod Wandering Minstrel
Joined: 22 Nov 2005 Posts: 114 Location: Pittsburgh, USA
Posted: Fri Apr 25, 2008 6:15 pm Post subject: |
I had something similar happen to me once. I had some PHP scripts that wrote some files, so I had to have write access on one folder for it to work.
Now, I don't use that particular PHP script at all because it was pretty much unnecessary. I just create the files with a Java program I wrote and then upload them.
For other PHP scripts, I've found that it is much more secure to use a database. I need not alter any permissions for any folders that way.
I don't understand exactly why I need world write access to write a file to the server with PHP but don't need any write access to write to a database, but that's the way it seems to be.
RedSlash Mage
Joined: 12 May 2005 Posts: 331
Posted: Fri Apr 25, 2008 8:57 pm Post subject: |
The reason for world-writable permissions for uploads is that your hosting provider set up the web server (and PHP) to run under a global username, which is a different user than your account. This practice is considered insecure because it allows all users on the same server access to all your files, including your PHP scripts, which may contain sensitive information such as database passwords, etc.
It is unlikely that DevX got hacked this way given that all his files were cleared out. I'd guess it was likely an insecure script, or he had his password compromised.
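The permission problem discussed in the last two posts can be checked for directly. The following is an added example, not code from any poster in this thread: it walks a web root and reports world-writable entries and world-readable script files. The extension list, the finding names and the sample tree are assumptions made for the illustration.

```python
import os
import stat

# Extensions treated as server-side scripts (assumption for this example).
SCRIPT_EXTS = {".php", ".inc"}

def audit_webroot(root):
    """Return sorted (finding, relative_path) tuples for risky permission bits."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink bits are meaningless; targets are checked where they live
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # Any account on the box, including the shared web server user, can write here.
                kind = "world-writable-dir" if stat.S_ISDIR(mode) else "world-writable-file"
                findings.append((kind, rel))
            ext = os.path.splitext(name)[1].lower()
            if stat.S_ISREG(mode) and mode & stat.S_IROTH and ext in SCRIPT_EXTS:
                # Other accounts can read the source, e.g. embedded database passwords.
                findings.append(("world-readable-script", rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: a 0777 upload folder plus scripts with different modes."""
    for d, mode in [("uploads", 0o777), ("private", 0o700)]:
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    for rel, mode in [("config.php", 0o644), ("private/db.php", 0o600), ("index.html", 0o644)]:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, rel in audit_webroot(tmp):
            print(f"{kind:<22} {rel}")
```

On a host where PHP runs as the account owner rather than a shared user, scripts holding credentials can be tightened to owner-only and upload folders no longer need the world-write bit.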