It looks like that someone hacked my account

K

kuttyjapan

Guppy
Hi,

I found at 25 may 2007 19:00 hrs that, all my all the default.*, index.*, login.*, home.* files are being hacked in all my domains and sub domains and all sub folders....

These pages were modifield with a <IFRAME></iframe> at the end of the page.

So, other user please check theirs...

Raam
www.kuttyjapan.com
 
Re: It looks like that someone hacked the Jodohost webserver

It's probably some vulnerability in some script you run, allowing people to overwrite any files under your username. Or... someone just guessed your password, but that's less likely. Doesn't hurt to change it anyway though.

Then I'd start with updating well known software to the latest versions. If you have upload scripts or other scripts that write to files, I suggest you thoroughly check them and/or disable them for the time being.
Checking the webserver logs might shed some light on what script is being abused.
 
Re: It looks like that someone hacked the Jodohost webserver

If you can submit a ticket, we can check the logs, it is very likely a php or asp app allowing upload of a php or asp app that they are then using to overwrite files.
 
Re: It looks like that someone hacked the Jodohost webserver

Since it was all domains, it was restored, and it looks like the logs for today got overwritten because they were copying your whole folder :(

that being said, I am seeing some major POST with some cryptic error message paths to your guestbook.

however, we have a second location for logs in this case and I am giving them a checkup.
 
Re: It looks like that someone hacked the Jodohost webserver

Actually it looks to be FTP, Manish has the logs for you, it was a US based IP address, from a leased server in Michigan. Manish is sending you the FTP logs of their actions via ticket.
 
You must log in or register to reply here.
Back
Top