
Fatal Error 2006 - BY:Owz taken over my site

chitchcock asked
Last Modified: 2010-04-20
It appears all index.php files have been hacked on my site. I restored a copy from backups but this is a little disturbing. We have the site on Apache. Do you have any ideas how this guy did this and how to patch the issue? Maybe M$ hates the idea IIS isn't as popular :)

Sam Panwar, Sr. Server Administrator
Commented:
Hi,

Are you running any public forums, or is your site made from a template and using phpBB? Mostly, hackers attack forums/boards/templates to find security holes and hack sites. Hackers have already hacked thousands of sites by finding security holes in forums/boards/templates all over the world.

If you are using any forums/boards, then I would suggest that you upgrade to the latest version to prevent this from happening again, and make sure that you always keep your forum up to date.

If you don't use these, then you have to contact your hosting company and ask for the latest backup of your site. They will provide you with the latest backup.

The hacker changed the code of your default page, so I think you should recompile or recheck the whole page's code. There may or may not be a redirect script in the page.

>  Do you have any ideas how this guy did this ..
There could be multiple ways to do it.
As it is PHP, I guess that it was due to a vulnerability somewhere in your other php scripts, or even another application hosted on the same physical server.
Best you check your logs.

> .. and how to patch the issue?
1. secure your applications, in particular check *every and all* input (from user, http header, database, whatever) and reject everything you do not know --> whitelisting
2. secure your configurations (php.ini, httpd.conf)
3. secure your operating system as a second line of defence, this includes strong permissions for process users and file access
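
A triage sketch for point 3 and the "check your logs" advice above, added here as an example and not code from any poster in this thread: it compares the live document root against a known-good backup copy and lists script files that were modified, added, or left world-writable. The function names, the extension list and the two directory arguments are assumptions.

```python
import hashlib
import os
import stat

def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_docroot(live_root, backup_root, exts=(".php", ".htaccess")):
    """Return findings for script files under live_root (hypothetical helper).

    modified:       present in both trees, content differs from the backup
    added:          present only in the live tree (possible dropped script)
    world_writable: any account on the host can rewrite the file
    """
    findings = {"modified": [], "added": [], "world_writable": []}
    for dirpath, _dirs, files in os.walk(live_root):
        for name in files:
            live = os.path.join(dirpath, name)
            # Only regular script/config files; symlinks are skipped.
            if not name.endswith(exts) or os.path.islink(live):
                continue
            rel = os.path.relpath(live, live_root)
            backup = os.path.join(backup_root, rel)
            if not os.path.isfile(backup):
                findings["added"].append(rel)
            elif sha256_of(live) != sha256_of(backup):
                findings["modified"].append(rel)
            if os.stat(live).st_mode & stat.S_IWOTH:
                findings["world_writable"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings

if __name__ == "__main__":
    import sys
    # Usage: script.py <live document root> <known-good backup copy>
    for kind, paths in audit_docroot(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

The modification times of the files it reports give a time window to look at in the Apache access and error logs.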

Author

Commented:
We do not use forums or boards. Have you guys ever heard of 'BY:Owz'?
I did a Google search and it looks like he hit at least 10 other sites this week. I am talking with our hosting company now and having them patch and/or update OS as well as any areas of Apache he deems are insecure. I have backups done automatically that push to a test server at my location so backups are not an issue. Thanks to both of you. CHUCK