osCommerce

The e-commerce.

Server Hacked


qazwerty

My web host's control panel allows email forwarding. I set up an email address like [email protected] and had it forward to a personal address, [email protected]. Recently we got complaints about emails not being delivered to us. We still received emails, so I asked for an example, and it had been sent to an address I did not recognize. I checked the control panel, and sure enough all email to [email protected] was being forwarded to the personal address I set up, but also sent to another address I did not add, [email protected].

I contacted the hosting company and they pulled their logs. This is what they said:

Hello,

According to our server logs, the forwarding from [email protected] to [email protected] was created on November 28, 2006. The forwarding was set via the Mail Manager of your online control panel. The person that created the mail forwarding used the following IP address: 202.91.x.xxx.

Here is the log regarding this matter:

2006-11-28
22:18:46 cp myusername 202.91.x.xxx CP LOGIN
22:20:16 cp/fileman myusername 202.91.x.xxx FILE UPLOAD name /www/www/help.php size 82934
22:27:42 cp/mail myusername 202.91.x.xxx SET FORWARD account pam save

Also, this person uploaded a remote shell tool, /www/www/help.php, to your account's webspace. For security reasons we have deleted the offensive tool from your account.

If you do not recognize the IP address that accessed your control panel, this means that your hosting password has been compromised and someone intruded into your webspace. In this case, you will have to change your hosting password immediately. The intruder somehow managed to obtain your password.

For this reason, you should improve the security of your account. You need to upgrade any third-party applications you are using on mysite.com to the latest available versions and apply any security patches released by the respective vendors. It is also strongly recommended that you do not use your main hosting password in cases where an application requires MySQL access. You can create MySQL subusers and configure your applications to use these subusers. This way, if an application gets hacked, the hacker will not be able to obtain your main hosting password.

For additional security, you need to scan all computers that are used for maintaining mysite.com for viruses and spyware. You will have to make sure that all computer systems are safe and there is no leak of sensitive data to other parties.

If we can be of additional assistance to you, please let us know.

Best Regards,
K. V.
Abuse Team

Now I have changed all the passwords and I do not see any files I do not recognize on the server. What is my next step? What am I legally responsible for if any CC info was grabbed? I am in VA. Do I need to notify customers?

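The log the host quoted shows the three-step pattern worth looking for in any control-panel activity log: a login from an address the account owner does not recognize, an upload of a script file into the webspace, and a change to mail forwarding from the same address a few minutes later. The following is an added example, not code from the post or from the hosting company, of a small audit script that parses lines in the format the host quoted (a bare date line followed by "time module user ip ACTION ..." entries, with long entries wrapped onto a continuation line as they were in the email) and flags those three things. The sample log lines, the allowlist of known IP addresses and the list of script extensions are all constructed assumptions for the example.

```python
"""Audit a hosting control-panel activity log for the intrusion pattern
above: unfamiliar source IP, script upload into the webspace, and a
mail-forwarding change. Added example; the log format and the policy it
encodes are assumptions modelled on the lines the host quoted."""
import re
from dataclasses import dataclass

# Assumed allowlist of addresses the account owner really uses.
KNOWN_IPS = {"10.0.0.5"}
# Assumed: file types that execute on the web server when uploaded.
SCRIPT_EXT = (".php", ".php3", ".php4", ".php5", ".phtml", ".cgi", ".pl")

# Constructed sample in the quoted format (intruder IP masked as in the post).
SAMPLE_LOG = """\
2006-11-28
22:18:46 cp myusername 202.91.x.xxx CP LOGIN
22:20:16 cp/fileman myusername 202.91.x.xxx FILE UPLOAD
name /www/www/help.php size 82934
22:27:42 cp/mail myusername 202.91.x.xxx SET FORWARD account pam
save
2006-11-29
09:05:11 cp myusername 10.0.0.5 CP LOGIN
09:06:40 cp/fileman myusername 10.0.0.5 FILE UPLOAD
name /www/www/images/logo.gif size 4021
"""

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
EVENT_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    date: str
    time: str
    ip: str
    rule: str
    detail: str


def parse_events(text):
    """Return (date, time, module, user, ip, action) tuples.

    A bare date line applies to every entry that follows it. A line that is
    neither a date nor an event is treated as a wrapped continuation of the
    previous entry's action text, which is how the quoted log arrived."""
    events = []
    date = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DATE_RE.match(line):
            date = line
            continue
        m = EVENT_RE.match(line)
        if m:
            time, module, user, ip, action = m.groups()
            events.append([date, time, module, user, ip, action])
        elif events:
            events[-1][5] += " " + line
    return [tuple(e) for e in events]


def audit_log(text, known_ips=KNOWN_IPS):
    """Apply the three rules to every event; one event can trigger several."""
    findings = []
    for date, time, module, user, ip, action in parse_events(text):
        if ip not in known_ips:
            findings.append(Finding(date, time, ip, "unknown_ip", f"{module}: {action}"))
        if action.startswith("FILE UPLOAD"):
            m = re.search(r"name\s+(\S+)", action)
            path = m.group(1) if m else ""
            if path.lower().endswith(SCRIPT_EXT):
                findings.append(Finding(date, time, ip, "script_upload", path))
        if action.startswith("SET FORWARD"):
            findings.append(Finding(date, time, ip, "forward_change", action))
    return findings


def unknown_ip_sessions(findings):
    """Group unknown-IP findings by address so each intruder address reads
    as a timeline of what was done from it."""
    sessions = {}
    for f in findings:
        if f.rule == "unknown_ip":
            sessions.setdefault(f.ip, []).append((f.date, f.time, f.detail))
    return sessions


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"{f.date} {f.time} {f.ip:14} {f.rule:15} {f.detail}")
    for ip, actions in unknown_ip_sessions(audit_log(SAMPLE_LOG)).items():
        print(f"\nsession from {ip}: {len(actions)} action(s)")
```

Run against the sample, every action from 202.91.x.xxx is flagged as unknown_ip, the help.php upload is additionally flagged as script_upload, and the forwarding change as forward_change, while the next day's activity from the allowlisted address produces nothing. The forward rule fires on every SET FORWARD because the quoted log line does not record the destination address, so the target still has to be verified in the control panel by hand, as the poster did.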

This topic is now archived and is closed to further replies.