Website hacked

phantom007 · August 28, 2010, 7:01am

Hi

One of my friend’s website has been hacked. He runs his website on a linux server.

The hacker has managed to overwrite his index.html file only, leaving other files intact. His password consist of 25 characters with alphanumeric and symbols so its not possible to crack his password hypothetically. Even though it was, the hacker would have deleted all his files or could have done more damage to his account.

So, I was wondering if anyone of you have any idea on:

How did the hacker replace the index file without knowing the password?
What measures can my friend take so that this does not happen in future?

Many thanks in advance.

Screenshot:
http://img405.imageshack.us/img405/134/websitehacked.jpg

KM_Richards · September 7, 2010, 2:08pm

My computer is about 3 feet from my VPN router so if I see anybody in my office trying to hack the connection…I’ll shoot 'em

I’m in Texas, so this would be perfectly legal…

Aleksejs · September 7, 2010, 1:49pm

It depends. If you can VPN to server, then you do not really need VPN router for that. VPN router is more usefull if you must have permanent secure connection to remote server for it to be acessible just like any computer on LAN not only through FTP but possibly Xwindows, RPC etc.
Traffic from your computer to VPN router still would be unencrypted - so anyone in your subnet could potentially eavesdrop. Only the portion between VPN routers (or router and server - that really depends on type of VPN you are going to use) would be protected.

KM_Richards · September 7, 2010, 1:30pm

What if you just got a VPN router?

Would that help make things more secure?

KM_Richards · September 7, 2010, 2:52am

What’s the most secure FTP to help combat this?

Aleksejs · September 7, 2010, 5:38am

You should use SCP/SFTP. [url=http://en.wikipedia.org/wiki/FTPS]FTPS is an option too, but due to the nature of FTP protocol it is difficult to set up (at least in active mode), that is why scp/sftp is more commonly used.

Crazybanana · September 1, 2010, 5:55pm

Looks like the site is using the good 'ol Frontpage Server Extension as i have seen tons of similar defacements from these guys on these types of sites/servers. if this is the case, you people are begging for a deface…

EastCoast · August 30, 2010, 11:45pm

This sort of attack has been discussed many times before on this forum, so I’ll not reiterate possible causes and cures, but would mention that ftp is nowadays a common point of entry via gumblar variant viruses/trojans - brute forcing isn’t a factor

SpacePhoenix · August 28, 2010, 7:26am

What apps are installed on the server and is each app up to date with whatever version is the current stable version for each app?

phantom007 · August 28, 2010, 7:27am

Yes they are all up-to-date