phantom007 — 2010-08-28T03:01:20-04:00 — #1
One of my friend's website has been hacked. He runs his website on a linux server.
The hacker has managed to overwrite his index.html file only, leaving other files intact. His password consist of 25 characters with alphanumeric and symbols so its not possible to crack his password hypothetically. Even though it was, the hacker would have deleted all his files or could have done more damage to his account.
So, I was wondering if anyone of you have any idea on:
1) How did the hacker replace the index file without knowing the password?
2) What measures can my friend take so that this does not happen in future?
Many thanks in advance.
km_richards — 2010-09-07T10:08:38-04:00 — #2
My computer is about 3 feet from my VPN router so if I see anybody in my office trying to hack the connection...I'll shoot 'em
I'm in Texas, so this would be perfectly legal...
aleksejs — 2010-09-07T09:49:44-04:00 — #3
It depends. If you can VPN to server, then you do not really need VPN router for that. VPN router is more usefull if you must have permanent secure connection to remote server for it to be acessible just like any computer on LAN not only through FTP but possibly Xwindows, RPC etc.
Traffic from your computer to VPN router still would be unencrypted - so anyone in your subnet could potentially eavesdrop. Only the portion between VPN routers (or router and server - that really depends on type of VPN you are going to use) would be protected.
km_richards — 2010-09-07T09:30:04-04:00 — #4
What if you just got a VPN router?
Would that help make things more secure?
km_richards — 2010-09-06T22:52:36-04:00 — #5
What's the most secure FTP to help combat this?
aleksejs — 2010-09-07T01:38:30-04:00 — #6
You should use [SCP/SFTP. [url=http://en.wikipedia.org/wiki/FTPS]FTPS](http://en.wikipedia.org/wiki/SSH_file_transfer_protocol) is an option too, but due to the nature of FTP protocol it is difficult to set up (at least in active mode), that is why scp/sftp is more commonly used.
crazybanana — 2010-09-01T13:55:08-04:00 — #7
Looks like the site is using the good 'ol Frontpage Server Extension as i have seen tons of similar defacements from these guys on these types of sites/servers. if this is the case, you people are begging for a deface...
eastcoast — 2010-08-30T19:45:52-04:00 — #8
This sort of attack has been discussed many times before on this forum, so I'll not reiterate possible causes and cures, but would mention that ftp is nowadays a common point of entry via gumblar variant viruses/trojans - brute forcing isn't a factor
spacephoenix — 2010-08-28T03:26:43-04:00 — #9
What apps are installed on the server and is each app up to date with whatever version is the current stable version for each app?
phantom007 — 2010-08-28T03:27:56-04:00 — #10
Yes they are all up-to-date