Web server hacked!

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

yorkshireman replied

17 November 2010, 10:28
I think you need to take a step backwards here. For instance if your website is running on a content management system like say Joomla (which is excellent btw) then it is essential you patch it when security vulnerabilities are discovered.

You really need to give a bit more detail on the configuration and the type of hacking that has taken place before you can get much help here.
Leave a comment:
administrator replied

12 November 2010, 15:04
The htaccess file looks fairly harmless to me. Why do you think you need to edit it?

If you need any help PM me, been hacked more than once and happy to have a look at your machine if you need to.
Leave a comment:
n5gooner replied

12 November 2010, 13:48
haven't got a clue!!!

I'll see if I can find out!
Leave a comment:
Sysman replied

12 November 2010, 13:42
Have you got Apache mod_security installed?

From HowToForge.com:

This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.
Leave a comment:
n5gooner started a topic Web server hacked!

12 November 2010, 12:18
Web server hacked!

Hi all,

right, my web server keeps getting hacked and malware keeps being installed. I know I need to edit the .htaccess but I don't know what too.

This is the current file...

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
# AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

#<IfModule mod_setenvif.c>
# <IfDefine SSL>
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
# </IfDefine>
#</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter

# AcceptPathInfo On

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)

# php_value session.use_trans_sid 0
# php_value register_globals 1
DirectoryIndex index.php
php_value error_reporting 0
php_value auto_append_file /srv/www/vhosts/digiscanltd.com/httpdocs/htaccess

It doesn't look like its doing anything to me, but I'm rather green with it all.

Any help would be appreciated....

Many thanks

Gooner.
Tags: None