morelakw
Posted July 30, 2010

I need some help. My host company has informed me that our website has been hacked. Every time they load our site onto the server, the server does a crash and burn. It shuts everything down. The host company thinks that there is some malicious code somewhere in our code that we need to look for. Is there any good place to start looking, with thousands of pages of code to look through? I've read many comments on different hacks on here for specific hacks. Has anyone had any experience with a host server crashing? Where to look? Ideas? Thoughts?

Thank you in advance.

Kyle
♥FWR Media
Posted July 30, 2010

> I need some help. My host company has informed me that our website has been hacked. Every time they load our site onto the server, the server does a crash and burn. It shuts everything down. The host company thinks that there is some malicious code somewhere in our code that we need to look for. Is there any good place to start looking, with thousands of pages of code to look through? I've read many comments on different hacks on here for specific hacks. Has anyone had any experience with a host server crashing? Where to look? Ideas? Thoughts? Thank you in advance. Kyle

If your site is indeed crashing the server then I can't blame your host.

However .. it would have been extremely simple for them to view the logs and point out to you where and how the crash is occurring in relation to your files rather than just shutting you down without a jot of help.

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls
KissMT Dynamic SEO Meta & Canonical Header Tags
KissER Error Handling and Debugging
KissIT Image Thumbnailer
Security Pro - Querystring protection against hackers ( a KISS contribution )
Please only PM me for paid work.
morelakw (Author)
Posted July 30, 2010

I do not blame them for shutting us down. I understand that. Not to seem like a complete moron here, but what types of logs should I be requesting? Obviously security logs or logs that show site changes that have occurred during the previous 48 to 72 hours? Suggestions on where to go from here would be appreciated. Obviously I am learning as I go right now.

Thank you
♥FWR Media
Posted July 30, 2010

> I do not blame them for shutting us down. I understand that. Not to seem like a complete moron here, but what types of logs should I be requesting? Obviously security logs or logs that show site changes that have occurred during the previous 48 to 72 hours? Suggestions on where to go from here would be appreciated. Obviously I am learning as I go right now. Thank you

I wasn't really alluding to the logs that you had available to you ( although you should obviously look at them ). Your comment stated:

- Every time they load our site onto the server, the server does a crash and burn.

So these hosts, whoever they are, have tried a number of times to "load" the sites but the server crashes.

If we assume these hosts are server specialists ( and ofc they should be ) then they should know exactly how the server crashed and the route to it happening.
morelakw (Author)
Posted July 30, 2010

They were quite vague as to the server crashing. All I know is every time our site was loaded onto the server, the server would crash and burn. They were no more informative than that. Sounds like I need a lot of information from them first thing Monday morning. Thank you. Anything else I should be aware of come Monday morning when I speak with them again? I appreciate your assistance.
morelakw (Author)
Posted July 30, 2010

Would the logs still be available since we are on a shared server? We are also on a shared host with our site. Would it be better for our oscommerce site to be on a dedicated server?
morelakw (Author)
Posted August 1, 2010

My host gave me all of my website files to start digging through... Is there a log file that I should look for to find the vulnerability?
germ
Posted August 1, 2010

Rogue code infecting an osC site is usually obfuscated PHP that looks like the code described here

And is normally at the top or bottom of the PHP source.

HTH. :)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
morelakw (Author)
Posted August 1, 2010

> Rogue code infecting an osC site is usually obfuscated PHP that looks like the code described here And is normally at the top or bottom of the PHP source. HTH. :)

germ, I've been running code compare on several php files and have not found a thing that looks malicious, also there aren't any obscure php files anywhere that I could see. Are there any typical php files that hackers will input code into?
germ
Posted August 1, 2010

Usually the index.php or any of the "requires" or "includes" found in it.

But once site security has been compromised ALL files are guilty until proven innocent by careful inspection (IMHO).
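Added example, not part of any post in this thread: a Python triage pass over a downloaded copy of the site that follows the advice above by flagging obfuscated-looking PHP and listing first the files where it sits at the top or bottom of the source. The two patterns, the five-line edge size and the sample file names are assumptions chosen for illustration; the sample tree is constructed and its payloads are harmless.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators (not from the thread): decode-and-execute call chains and
# long encoded blobs, both typical of obfuscated PHP. Illustrative, not exhaustive.
DECODE_EXEC = re.compile(
    rb"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.IGNORECASE)
ENCODED_BLOB = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
EDGE = 5  # lines counted as the "top" or "bottom" of a file

def scan_php_file(path):
    """Return (line_no, position, reason) tuples for one PHP file."""
    lines = Path(path).read_bytes().splitlines()
    findings = []
    for i, line in enumerate(lines, start=1):
        position = "top" if i <= EDGE else "bottom" if i > len(lines) - EDGE else "body"
        if DECODE_EXEC.search(line):
            findings.append((i, position, "decode-and-execute chain"))
        elif ENCODED_BLOB.search(line):
            findings.append((i, position, "long encoded blob"))
    return findings

def scan_tree(root):
    """Scan every .php file under root; files with top/bottom hits sort first."""
    report = []
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php_file(path)
        if hits:
            report.append((path.relative_to(root).as_posix(), hits))
    return sorted(report, key=lambda r: all(pos == "body" for _, pos, _ in r[1]))

def build_sample_tree():
    """Constructed sample site: harmless payloads, file names chosen for illustration."""
    root = Path(tempfile.mkdtemp())
    (root / "includes").mkdir()
    clean = ["<?php"] + [f"define('K{i}', {i});" for i in range(20)]
    blob = clean[:10] + ['$x = "' + "QUJD" * 60 + '";'] + clean[10:]
    top = ['<?php eval(base64_decode("ZWNobyAxOw==")); ?>'] + clean
    for name, body in [("includes/application_top.php", clean),
                       ("includes/header.php", blob), ("index.php", top)]:
        (root / name).write_text("\n".join(body) + "\n")
    return root

if __name__ == "__main__":
    for name, hits in scan_tree(build_sample_tree()):
        print(name, hits)
```

A hit is a lead for manual inspection, not a verdict: legitimate code can carry long encoded strings, and a file with no hits is not thereby proven clean.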
morelakw (Author)
Posted August 1, 2010

> Usually the index.php or any of the "requires" or "includes" found in it. But once site security has been compromised ALL files are guilty until proven innocent by careful inspection (IMHO).

I'm more than halfway through my entire site, and still have yet to find anything. I appreciate all of the help. I will continue to dig.
This topic is now archived and is closed to further replies.