Shopies

asked on

I need someone to look at this

Hi,
A hacker attacked one of my customer's websites by injecting the config.php file, which is set to 777. I downloaded the log file of that website to see if there were any .php injections, but I didn't find any. I will attach the file to see if anyone can find any .php injection or any other reason that might have caused the injection.

My IP address is : 77.31.74.30

See the attachment,
Regards,
logfile.txt
ASKER CERTIFIED SOLUTION
Guy Hengel [angelIII / a3]
I looked through the file also; there seems to be no SQL injection indeed.
Shopies

ASKER

Hi angelIII,
But my web hosting company kept saying that this attack happened because I have a PHP vulnerability in my script. Wouldn't it show in the raw log file if my customer's website was attacked due to a PHP vulnerability or even SQL injection?!!

So, how was my customer's website hacked? Is it because of server security issues?

Also, a VPS is a far better option (as above). If you have shared hosting and your file is set to 777, then it's far easier for someone to overwrite that file.

This is made worse if you are using an off-the-shelf script and people know the folder structure and what files are going to be 777 and so on.
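
The 777 point made in the comment above can be checked directly on the site's files. The following is an added example, not part of the original thread: a shell audit that lists world-writable files, world-writable directories (which let another local account replace a file even when the file itself is 644), and PHP files changed recently. The function names, the finding labels and the 7-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example: permission audit for a web root.
# Function names and output labels are hypothetical, chosen for this sketch.

# audit_webroot DIR [DAYS]: print one finding per line.
audit_webroot() {
    root=$1
    days=${2:-7}

    # Files that any local account can overwrite ("other" write bit set,
    # which is what mode 777 or 666 gives you).
    find "$root" -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE-FILE /'

    # Directories writable by anyone and without the sticky bit: a file in
    # such a directory can be deleted and recreated by another account even
    # if the file itself is not writable.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD-WRITABLE-DIR /'

    # PHP files whose content changed within the last DAYS days. Compare
    # this list with your own deployments to spot unexpected modifications.
    find "$root" -type f -name '*.php' -mtime "-$days" -print |
        sed 's/^/RECENT-PHP /'
}

# harden_webroot DIR: remove only the "other" write bit from files and
# directories; owner and group permissions are left as they are.
harden_webroot() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}
```

To use it, source the file and run `audit_webroot` against the site's document root, then review the findings before running `harden_webroot`; a file the application must write to needs the web server account as owner or group rather than world write.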



ASKER

I'm using a VPS, and the script running on that website was made by me, and I keep updating everything in that script. This is a CMS script, and the only place where anyone can upload files is via the control panel, which is well protected by sessions and a username and password. No one can ever navigate through the control panel without having admin access.

OK, if you use a VPS then you will have to make sure your server security is tight enough. I don't think you would be able to blame your web hosting company for this,
because a VPS acts like it's your own Linux box. You are responsible for security and everything.

So I would say, change your root password. Or, if you have any option to recreate your VPS, then install a fresh OS again, start from the beginning, then upload the files again from an old backup (a backup which was taken before this hacking happened).
Also, put the right privileges on files. Most of all, secure your server first. Use some kind of intrusion detection software on your Linux box, such as Snort.

Secure your server first, then go on to uploading files for the website.

ASKER

The web hosting company is the one who manages my VPS security issues. I don't have root access to my VPS; instead I only have WHM access.

My web hosting company is driving me crazy. Everyone says it's a server security issue and the log file has no indication of any kind of PHP file injection. What can I do?!!

This is what they said:
We of course investigated the issue on our side and see no indication whatsoever that the server is responsible for your sites being hacked.


If you don't have root access then it's not your fault.

Ask the web hosting company what SQL injection is!!
And say: we don't have any option to upload any file to the server via our website script, so how did a hacker copy the http.conf file and paste it into php.config!!!!

Also say: since we don't have any root access to the server, how would our script give a hacker the chance to copy the httpd.conf file and overwrite the php.config file?

And say: our side deals with the database, not the file system of the Linux server. So if there is any hacking, it would be on my MySQL server, not the file system.

They should give you a good explanation for this question.

ASKER

You are all right, guys, and my host is not telling the truth, especially as he didn't give any reasonable proof of what he claims. I'll try to find another host soon...

Regards,