[vox-tech] my site was hacked

Scott Miller scottlinux at gmail.com
Tue Jan 26 07:41:55 PST 2010


You can alter a site's home page (or do more) with types of injection.
:( This random article has pictures of an example:

http://www.technicalinfo.net/papers/CSS.html
(See: Putting It All Together)

So depending on the site's places of 'input' - (search boxes, comment
boxes, even the address bar can be used) it is possible to inject code
and potentially do whatever you want.

Depending on the situation it may or may not be a security problem of
the hosting company but could be a vulnerability in a specific site's
code. Especially with PHP. PHP calendars, guestbooks, blogs, etc are
constant targets.

If this was an injection, and if you have access to the apache logs
you can see what exact ip address made the injection, and such. Look
for POST in the logs. A lot of times hackers will try again and again
for several days (weeks) posting random scripts until they get it. So
there can be a long track record recorded in the apache logs.

On Tue, Jan 26, 2010 at 04:31, Hai Yi <yihai2004 at gmail.com> wrote:
> Gandalf: Thank you for the detailed explaination, I'll read it again.
> I checked my pages, only index.html was replaced, what really upset me
> is that now it's 48 hours after I sent the request to the ISP, still
> no response; I can understand now hacking does happend and I can fix
> the problem myself, but their services disappoint me.

-- 
Scott


More information about the vox-tech mailing list