Website Hacked

D

djfenom

Guppy
One of my websites has been hacked, I have submitted a ticket but I don't seem to be getting anywhere.

The site in question has several folders that have 757 permissions set because the client needs to keep uploading documents to these folders via a bespoke CMS.

The robots.txt file has disallow on the folders in question, but today I received an email from Google imforming me of a phishing attack.

I've had full directories uploaded into some of the folders and there's some pretty nasty stuff in there.

I've also had an email from the RSA saying that the site is fraudulent and has been hacked.

Jodo have now removed the folders, but my question is what can I do to prevent this in the future? Is this an FTP attack or is it simply because the folder permissions were set to 757? There doesn't appear to be any unlawful access to the CMS? I have a htaccess file in the new folders:

Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .html .shtml .sh .cgi

Is there anything else I can be doing to prevent this happening?

Thanks

Chris
 
logs will have to be checked for why, we've seen it happen quite a bit with CMS systems of late.
 
Hi Stephen,

The strange thing is there's absolutely no indication of the CMS being hacked, nothing has been changed or uploaded in that respect?

Have I done enough in my htaccess file for this not to happen again or is there anything else I can do?

Are you able to look into the logs?

Thanks,

Chris
 
You must log in or register to reply here.
Back
Top