• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 574
  • Last Modified:

Website keeps changing to western union

I deployed a website on a server at home and it will run fine for a few days, however it will change over to a directory browsing typ (FTP) looking site, ive noticed that PHP and some program callded we developer is installed. and i cant browse my site anymore. i have deleted these directories and then it works fine for a couple of days, then it happens again. I have done this about 3 times allready and now am unable to even RDP into it. so I just had the kid shut the whole server down. I am using Clam antivirus and linksys fire wall.  

Is there anyway to tell when this thing hijacks my server? and how do i stop it?
0
troy93955
Asked:
troy93955
  • 4
  • 2
1 Solution
 
troy93955Author Commented:
Here is screen shot

hijacked.docx
0
 
dgrafxCommented:
when you say "I just had the kid shut the whole server down"
this is indicative of the problem
if you're doing actual work that you make money from then you need to start working with adults ...
Thats just common sense.

Specifically - someone is able to ftp to your sever
if you need ftp - then you need to provide security (or better security)
if you don't need ftp then turn it off

good luck ...
0
 
Rich RumbleSecurity SamuraiCommented:
I'd suggest upgrading apache from 2.2.6 to the latest. If your using Wamp of Xampp, this is a pretty straight forward process, just point the install the the proper apache location (c:\wamp\apps\apache for instance)
Your website might have SQL injection vectors that make it easy, or you could have very lax webserver settings. Have a look at skipfish. you can find a windows build for it here:
http://www.shortinfosec.net/2010/03/compiling-latest-skipfish-for-windows.html
You can also try the XSS-me and SQL-Inject-Me plugins for firefox to test your website.
-rich
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
troy93955Author Commented:
dgrafx,
first of all it is a home server mainly for personnel use, and when i said kid i mean my child since she is on spring break..... i would suggest the old term "Ask First Before Hunting and Fishing on Private Property!!!!"
I did setup security but obviously I dont know what Im doing so i wrote here.
Thanks
0
 
troy93955Author Commented:
Thank you
0
 
dgrafxCommented:
I shouldn't even comment back but ...
When you say "obviously I dont know what Im doing"
thats exactly what I meant in reference to the kid.
Sorry that this turned out to be your kid - I envisioned some neighborhood skate boarder where you thought you'd be saving some $$$ - but it still applies.

But - many many developers (both here on EE and elsewhere) have "home" servers that we use for development.
We do NOT consider them to be "just" home servers even if some of the work done on them may be of a personal or non-critical nature.

You are free of course to poll developers to get an idea of what percentage would allow their kids to be in charge of their network security.
This isn't any kind of a put down to your kid or kids in general - it's just the development process of humans.
Meaning I wouldn't let my kids mess with the brake system on my Jeep (or be in charge of my network security) until they proved they knew what they were doing.

And Thank You as well ...
0
 
troy93955Author Commented:
My apologies, Ive only been in IT for about 5yrs, before that it was all labor...
I am like one of the only IT guys I know that does not have thier own network at home. so I am trying to figure it out, so when my site was changing to the above mentioned i was worried some one had access to my whole personsl network at home, so when i said i had the kid shut it down all it means is I called her and asked her to hold in the power button tell it turned off, that is all :)

So... can we start over? can you maybe help me set my network up at home so I can be sure i am not being hacked??? I will click follow on your profile and if you want maybe you can teach me a few things??

Anyway, Thank you for responding
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now