Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 09-07-2001, 06:42 AM   #1
Scraper
Confirmed User
 
Join Date: Jan 2001
Location: Rainforest
Posts: 182
We got hacked!!!

Hey all,
We recently had our site hacked by people on the same server using the Unix "more" command.

It basically allowed them to view the source code for PHP scripts on the virtual server account we are using. And make a connection to our database etc. using the username and passwords we had in the source code.

I'm still not totally sure how to remove this risk (without going to a dedicated server); maybe it's just that our hosting company isn't the best.

In any case, I thought I'd just mention that here so others can take that into consideration when making sites.



Ciao.
Old 09-07-2001, 06:45 AM   #2
AnthonyR
Confirmed User
 
Join Date: Mar 2001
Posts: 168
yep, sounds like a hosting problem. They seem responsible to me!


regards,
Anthony


------------------------------------
Space4porn.com freehosting - http://space4porn.com/wm1.html

Old 09-07-2001, 08:27 AM   #3
Wizzo
2011 GFY Hall of Fame!
 
Join Date: Nov 2000
Location: Back in Texas!
Posts: 15,224
Yea, I would be shopping for a new host...
Old 09-07-2001, 09:04 AM   #4
my6com
Confirmed User
 
Join Date: Feb 2001
Location: Sweden
Posts: 187
>>hosting company isn't the best

call em, they fucked up!

my6


------------------
Scandinavian Webmaster Opportunities

http://www.se.sexdoubler.net/



[This message has been edited by my6com (edited 09-07-2001).]
Old 09-07-2001, 09:35 AM   #5
Freako
Confirmed User
 
Join Date: Aug 2001
Location: Adult Bouncer
Posts: 217
It's normal they can access your files if you chmod them 777 :P Check your file permissions first, if that's not it... run away from there

Freak!
Old 09-07-2001, 09:42 AM   #6
missnglnk
Confirmed User
 
Join Date: Aug 2001
Location: New York, NY
Posts: 131
Umm, you weren't hacked; the more command is standard on most, if not all, Unix distributions and derivatives. This problem can be easily fixed by changing the permissions of your home directory.

Chances are the web server is run as the user 'nobody' so you can do the following on selected or all files that you want protected:

chown your-username-here /path/to/file
chgrp nobody /path/to/file
chmod 640 /path/to/file

That changes the permissions so that only you and the users in the group nobody are allowed to read the file.

99.99999% of the time, the only user in the group nobody is nobody, and very few processes run as nobody, usually the only one being apache.

If it's an executable file, then you would change the mode of the file to 750 instead of 640 using the method described above.

------------------
Old 09-07-2001, 09:55 AM   #7
Scraper
Confirmed User
 
Join Date: Jan 2001
Location: Rainforest
Posts: 182
missnglnk - Thanks. That's helpful. I've decided to (immediately) hook up with another host, but it's great to have that info available so I don't make the same mistake again.

Old 09-07-2001, 09:56 AM   #8
Lane
Will code for food...
 
Join Date: Apr 2001
Location: Buckeye, AZ
Posts: 8,496
Your hosting company shouldn't allow people to enter each other's folders.
Old 09-08-2001, 09:27 AM   #9
Juge
Confirmed User
 
Join Date: Feb 2001
Posts: 1,917
I know a great host if you're looking for one, scraper.
Old 09-10-2001, 01:23 AM   #10
TFCash
Confirmed User
 
Join Date: Apr 2001
Posts: 1,738

Well, I hate to break the news to you guys, but unless your host is running php in strict mode (which many don't!!!) then anyone that has an account on your server could in theory get a full listing of what is in your folders, and also do a complete listing or download of what is in your files, including any usernames and passwords that might be in your php files! I won't post the 7 or 8 lines of code that would do this, but rest assured it is that simple. And changing the permissions to nobody will have no effect at all: since Apache runs as nobody, any php script that is run on your system has nobody privileges, so they can see those files!

If you are making a living at this (i.e. webmastering is your sole means of income) then you are really silly if you don't have your own dedicated server to run your sites from. Now if you do this as a hobby or for extra cash, then a shared server will probably be fine for what you do; just don't freak out too much if you find that you've been hacked, or someone has ripped off your user database. I would suggest a daily backup of some sort: either have a secondary hosting account where you back up all your files for all your domains, or have a broadband connection at your house and keep a copy there burned onto CD.


Tim
Old 09-10-2001, 04:08 AM   #11
Osholio
Confirmed User
 
Join Date: Sep 2001
Location: UK
Posts: 99
Another option, which I mentioned yesterday in an answer to a question about PHP, is the Zend Encoder. What it does is run the first two passes of the php optimiser, then encrypt the output to make it a real challenge for anyone to figure out what's in the file.

You can get it from http://www.zend.com/ as part of the Zend Developer's Suite for $50 a month, which is a good price if you're making a living from your site.

Damn, I'm advertising them so much they need to set up an affiliate's programme.

------------------
ClickCash - Better than 1:99 and $50 for signing up
Old 09-10-2001, 03:37 PM   #12
Due
Confirmed User
 
Join Date: Mar 2001
Location: Murrieta, CA
Posts: 3,620
Quote:
Originally posted by Lane:
Your hosting company shouldn't allow people to enter each other's folders.
No, we all know what happened last time you were able to do that.
Old 09-11-2001, 06:03 AM   #13
missnglnk
Confirmed User
 
Join Date: Aug 2001
Location: New York, NY
Posts: 131
Real quick fix:
* chmod 700 /path/to/your/homedirectory

This is basically what your ISP would have done if you had asked them to rectify it...

Now, if they change it back... you have some issues.