www.webdeveloper.com
Results 1 to 3 of 3

Thread: Hacked

  1. #1
    Join Date
    Mar 2009
    Location
    New York City
    Posts
    128

    Hacked

    One of my clients' sites was hacked and a malware javascript was injected directly into the index file and other files. The site uses my own CMS which doesn't have a file manager portion. The database was clean.

    The hacker actually managed to change the index.php file and the other page files.

    How do they get access? I don't know what the CHMOD is on the root directory because I don't have FTP access to the server (I did, but this is a paranoid client and she changed the password right after I uploaded the site). Can a hacker access and change files if the permissions are set badly?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,387
    If it's a shared host, all they need somtimes is one point of weakness, where they can inject a script that will run as the Apache (or whatever web server) user, which will likely have access to many directories/files on the server if it's not well configured. Even worse is if they can crack the login/password for a root user on the host, at which point it would not matter what permissions you had set.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Mar 2009
    Location
    New York City
    Posts
    128
    Thanks. It's shared on Host Monster. Again, I don't know what permissions are set. I didn't set up the hosting.

    Thanks again.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles