Question

How does a web site prevent attack by hackers?

By Healer
I have a web site running with an Apache server on a Linux platform. It is mostly coded with PHP and has a MySQL database. Twice in the last few months it has been hacked. Last time when it happened I wiped out the whole web site and re-installed. Now it has happened again. I have seen the effect of implanted code yet.

I discovered the issues when I zipped the whole web site and downloaded it to my local computer, where anti-malware software is running. The download was straight away intercepted and indicated there were Backdoor:PHP/C99Shell.G & Backdoor:PHP/C99Shell.E. The file was removed when I accepted the fix. So I did it again and ignored the message. I unzipped the file and scanned all the files again to find out which file was the culprit. I found a PHP file in an image directory causing the problem. The anti-malware software wouldn't let me copy it so that I could study the code. Eventually I had to let go. Then I tried to use the cPanel file manager to download the offending file directly from the web server. The local anti-malware software intercepted it again. Eventually I renamed the file and used an FTP program to download it. When I did the anti-malware scan the offending file was found again and was removed.

I deleted the offending PHP file and zipped the whole web site again. When I downloaded it, the local anti-malware program again found the zipped file infected with the same trojans plus one more, which is Hiebot.B. It looks as if the trojans re-generated themselves and more. Perhaps the web site is already remotely controlled by a hacker.

I looked at the visitors' logs. I found quite a lot didn't have referring URLs, which concerns me. I checked the location of the IP addresses. Some were from googlebot.com. Most were not. The logs only show visitors retrieving files, not depositing files. I don't know if I can trace how the file sneaked into the web site. I managed the offending PHP file by partially disabling my anti-malware software. It refers to a web site "www.rss-tochka.ru//poll/".

All Answers

Mass genocide?

by Slayer_ In reply to How does a web site preve ...

I mean, ANYONE could be a hacker, only real choice is to kill them all.

But for real though, you should be able to block via IP ranges. Check those IP ranges without referrers and block them.
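
One way to carry out the log review discussed in this thread, as an added example that is not part of either post: it counts referrer-less requests per /24 range and lists requests for PHP files under image directories, which is where the question's backdoor was found. The directory names, file names and log lines are constructed assumptions, and the /24 grouping assumes IPv4 addresses in Apache's combined log format.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')
# Assumption: directories on this site that should only ever serve static files.
STATIC_DIRS = ("/images/", "/img/", "/uploads/")
SCRIPT = re.compile(r"\.(php\d?|phtml)$", re.I)

# Constructed sample lines (documentation IP ranges, hypothetical file names).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2012:04:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Mar/2012:04:13:44 +0000] "POST /images/thumb.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"',
    '203.0.113.77 - - [10/Mar/2012:04:13:59 +0000] "GET /images/thumb.php?a=1 HTTP/1.1" 200 9433 "-" "Mozilla/4.0"',
    '192.0.2.5 - - [10/Mar/2012:04:15:02 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Googlebot/2.1"',
]

def review(lines):
    """Return ({/24 range: referrer-less request count}, [script requests in static dirs])."""
    by_range, script_hits = defaultdict(int), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        if m["referer"] in ("", "-"):
            try:  # crawlers and direct visits also lack a referrer: review before blocking
                by_range[str(ip_network(m["ip"] + "/24", strict=False))] += 1
            except ValueError:
                pass  # host was logged as a name rather than an address
        # A request for PHP under an image directory is the stronger signal, whatever the referrer.
        if any(d in path for d in STATIC_DIRS) and SCRIPT.search(path):
            script_hits.append((m["ip"], m["method"], path, int(m["status"])))
    return dict(by_range), script_hits

if __name__ == "__main__":
    ranges, hits = review(SAMPLE)
    for net, n in sorted(ranges.items(), key=lambda kv: -kv[1]):
        print(f"{n:5d} referrer-less requests from {net}")
    for ip, method, path, status in hits:
        print(f"script in static dir: {ip} {method} {path} -> {status}")
```

Apache's access log records POST requests but not their bodies, so a POST to a script in a static directory shows up here as a request line only.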
