• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 461
  • Last Modified:

Fatal Error 2006 - BY:Owz taken over my site

It appears all index.php files have been hacked on my site.  I restored a copy from backups but this is a little disturbing.  We have the site on apache.  Do you have any ideas how this guy did this and how to patch the issue?  Maybe M$ hates the idea IIS isn't as popular :)
0
chitchcock
Asked:
chitchcock
2 Solutions
 
Sam PanwarSr. Server AdministratorCommented:
Hi,

Are you running any public forums or your site maked through the template  and use the  phpbb. that "Mostly  Hacker attack on forums/ board/template to find out security holes and hack sites".  Hacker guys have already hacked thousand of sites to find out security holes on forums/boards/template all over world.

If you are using any forums/board then I would  suggest that you upgrade to the latest version to prevent this from happening again and make sure that you always keep your forum up-to-date

If you didn't use this then you have to contect your hosting company and ask to the latest backup of your site. they will provide you the latest back up.

The hacker changes in the coding of the yyoue default page so  think you shoul recompile or recheck whole page coding . In the page there may be redirect script or not

0
 
ahoffmannCommented:
>  Do you have any ideas how this guy did this ..
ther could be multiple ways to do it.
As it is PHP, I guess that it was due to a vulnerability somewhere in your other php scripts, or even another application hosted on the same physical server.
Best you check your logs.

> .. and how to patch the issue?
1. secure your applications, in particular check *every and all* input (from user, http header, database, whtever) and reject everything you do not know --> whitelisting
2. secure your configurations (php.ini, httpd.conf)
3. secure your operating system as a second line of defence, this includes strong permissions for process users and file access
0
 
chitchcockAuthor Commented:
We do not use forums or boards.  Have you guys ever heard of 'BY:Owz'
I did a google search and it looks like he hit at least 10 other sites this week.  I am talking with our hosting company now and having them patch and/or update OS as well as any areas of apache he deems are insecure.  I have backups done automatically that push to a test server at my location so backups are not an issue.  Thanks to both of you.  CHUCK
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now