Fatal Error 2006 - BY:Owz taken over my site

Posted on 2006-04-05
Last Modified: 2010-04-20
It appears all index.php files have been hacked on my site.  I restored a copy from backups but this is a little disturbing.  We have the site on apache.  Do you have any ideas how this guy did this and how to patch the issue?  Maybe M$ hates the idea IIS isn't as popular :)
Question by:chitchcock
    LVL 18

    Assisted Solution

    by:Sam Panwar

    Are you running any public forums or your site maked through the template  and use the  phpbb. that "Mostly  Hacker attack on forums/ board/template to find out security holes and hack sites".  Hacker guys have already hacked thousand of sites to find out security holes on forums/boards/template all over world.

    If you are using any forums/board then I would  suggest that you upgrade to the latest version to prevent this from happening again and make sure that you always keep your forum up-to-date

    If you didn't use this then you have to contect your hosting company and ask to the latest backup of your site. they will provide you the latest back up.

    The hacker changes in the coding of the yyoue default page so  think you shoul recompile or recheck whole page coding . In the page there may be redirect script or not

    LVL 51

    Accepted Solution

    >  Do you have any ideas how this guy did this ..
    ther could be multiple ways to do it.
    As it is PHP, I guess that it was due to a vulnerability somewhere in your other php scripts, or even another application hosted on the same physical server.
    Best you check your logs.

    > .. and how to patch the issue?
    1. secure your applications, in particular check *every and all* input (from user, http header, database, whtever) and reject everything you do not know --> whitelisting
    2. secure your configurations (php.ini, httpd.conf)
    3. secure your operating system as a second line of defence, this includes strong permissions for process users and file access

    Author Comment

    We do not use forums or boards.  Have you guys ever heard of 'BY:Owz'
    I did a google search and it looks like he hit at least 10 other sites this week.  I am talking with our hosting company now and having them patch and/or update OS as well as any areas of apache he deems are insecure.  I have backups done automatically that push to a test server at my location so backups are not an issue.  Thanks to both of you.  CHUCK

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
    In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now