Solved

How was I hacked? Security experts....

Posted on 2006-03-30
Last Modified: 2006-11-18
Yesterday I discovered that a number of files on my server had been hacked.

A new line of code has been added that opened an IFRAME and tried to download a trojan.

The files were chmodded to 777, so anyone could have written, but on checking I discovered that every file that was 777 suffered this attack.

What puzzles me is that these files were in a folder protected by .htaccess, the folder was 755, and I'm the only person in the world that uses these files, so the filenames were linked to from anywhere else. How did the attacker discover the files? Can anyone just browse my filesystem remotely?

Question by:fox_statton
10 Comments
 
LVL 49

Accepted Solution

by:
Roonaan earned 672 total points
ID: 16340319
When you are on a shared hosting account, any of the others with server access would have been able to modify your 777 files.

-r-
0
 

Author Comment

by:fox_statton
ID: 16340866
On a shared hosting account anyone else on the server can set up a script to browse my directories?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 16340884
Anyone can access 777 files and 777 dirs.

-r-
0

 

Author Comment

by:fox_statton
ID: 16341439
But if they don't know the filename (i.e. it's not linked to from anywhere and is not an obvious name), how can they discover it?
0
 
LVL 7

Expert Comment

by:JB04
ID: 16341607
All someone has to do is read the directory using PHP, or possibly they could do it through the command line using the dir command.

If someone is changing your files you should report this to your web host. The problem can only really be fixed by them, unless it's an insecure script.
0
 

Author Comment

by:fox_statton
ID: 16341853
They can read the contents of my directory even if it's set to 755?
0
 
LVL 7

Assisted Solution

by:JB04
JB04 earned 664 total points
ID: 16341914
755 is execute/read/read I think, so yes, anyone can because they are world readable. It depends on the server setup though; my webhost uses CGI with suexec, which helps with problems like these.
0
 
LVL 11

Expert Comment

by:Joseph Melnick
ID: 16347863
Hello all,

755 is  read, write, execute   4+2+1 = 7   owner
        read, execute          4+1   = 5   group
        read, execute          4+1   = 5   everyone


Here is a table of values:

Digit  rwx  Result
0      ---  no access
1      --x  execute
2      -w-  write
3      -wx  write and execute
4      r--  read
5      r-x  read and execute
6      rw-  read and write
7      rwx  read write execute

Typical settings:
directories 755, scripts 755, data files 666, and configuration files 644

Joseph Melnick
0
 

Author Comment

by:fox_statton
ID: 16349108
So if I don't want people to be able to browse my directory, but need to be able to execute scripts, what should I set it as?

0
 
LVL 11

Assisted Solution

by:Joseph Melnick
Joseph Melnick earned 664 total points
ID: 16350021
Hello fox_statton,

You need to have a default page in the directory, often index.html, index.htm or index.php.

The default behaviour of Apache is to allow directory browsing, and adding an index file will disable this.
If you use a .htaccess file in that directory you can use the DirectoryIndex directive to set your own index file as shown below:

DirectoryIndex myindex.html index.cgi index.php index.html

The file permissions on .htaccess should be 644 to allow reading by everyone and read write to you.

If you want people to execute scripts in your directory they need read access, or 755.
You definitely want to ensure that your directories are set to 755 so that they can be read and navigated. These are often misconfigured with 777, which allows your directory to be world writable. NOT good.

 Joseph Melnick (jmelnick)
0
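
An added example, not part of the thread or any poster's code: a Python audit that walks a web root, decodes the "everyone" permission digit discussed above into what another local user on the same host can do, and flags world-writable files containing an `<iframe` tag. The function names and the sample tree (paths, modes, contents) are constructed for illustration.

```python
import stat
import os
import tempfile
from pathlib import Path

def other_can(mode):
    """Actions open to a local user who is neither owner nor in the group.
    On a directory: r lists names, x enters it, w plus x creates/deletes entries."""
    r, w, x = (bool(mode & b) for b in (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH))
    if stat.S_ISDIR(mode):
        acts = [("list", r), ("enter", x), ("create/delete", w and x)]
    else:
        acts = [("read", r), ("modify", w), ("execute", x)]
    return [name for name, ok in acts if ok]

def audit(root):
    """Report every world-writable path under root, and whether a
    world-writable regular file contains an <iframe tag (crude heuristic)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue
            iframe = stat.S_ISREG(mode) and b"<iframe" in Path(path).read_bytes().lower()
            findings.append(dict(path=os.path.relpath(path, root), iframe=iframe,
                                 mode=oct(stat.S_IMODE(mode))[2:], other_can=other_can(mode)))
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed sample tree; names, modes and contents are illustrative only."""
    tree = {
        "scripts/page.php": (0o777, '<?php echo "hi"; ?>\n<iframe src="http://example.invalid/"></iframe>\n'),
        "scripts/config.php": (0o644, "<?php $setting = 1; ?>\n"),
        "data.txt": (0o666, "plain data\n"),
    }
    for rel, (mode, body) in tree.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
        p.chmod(mode)
    for rel, mode in (("scripts", 0o755), ("uploads", 0o777)):
        Path(root, rel).mkdir(exist_ok=True)
        Path(root, rel).chmod(mode)  # chmod after mkdir so the umask cannot mask bits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

The audit reads mode bits only, so it reports what the permissions allow regardless of which account runs it.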
