Fatal Error 2006 - BY:Owz taken over my site

It appears all index.php files have been hacked on my site.  I restored a copy from backups but this is a little disturbing.  We have the site on apache.  Do you have any ideas how this guy did this and how to patch the issue?  Maybe M$ hates the idea IIS isn't as popular :)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sam PanwarSr. Server AdministratorCommented:

Are you running any public forums or your site maked through the template  and use the  phpbb. that "Mostly  Hacker attack on forums/ board/template to find out security holes and hack sites".  Hacker guys have already hacked thousand of sites to find out security holes on forums/boards/template all over world.

If you are using any forums/board then I would  suggest that you upgrade to the latest version to prevent this from happening again and make sure that you always keep your forum up-to-date

If you didn't use this then you have to contect your hosting company and ask to the latest backup of your site. they will provide you the latest back up.

The hacker changes in the coding of the yyoue default page so  think you shoul recompile or recheck whole page coding . In the page there may be redirect script or not

>  Do you have any ideas how this guy did this ..
ther could be multiple ways to do it.
As it is PHP, I guess that it was due to a vulnerability somewhere in your other php scripts, or even another application hosted on the same physical server.
Best you check your logs.

> .. and how to patch the issue?
1. secure your applications, in particular check *every and all* input (from user, http header, database, whtever) and reject everything you do not know --> whitelisting
2. secure your configurations (php.ini, httpd.conf)
3. secure your operating system as a second line of defence, this includes strong permissions for process users and file access

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
chitchcockAuthor Commented:
We do not use forums or boards.  Have you guys ever heard of 'BY:Owz'
I did a google search and it looks like he hit at least 10 other sites this week.  I am talking with our hosting company now and having them patch and/or update OS as well as any areas of apache he deems are insecure.  I have backups done automatically that push to a test server at my location so backups are not an issue.  Thanks to both of you.  CHUCK
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.