strub Posted June 14, 2011 Share Posted June 14, 2011 Hi, One of my older site (OSC v2.2 RC2a)is still being hacked. There are being uploaded very mysterious files to the images directory such as: allnet.php, dvd.php, indo.php and so on. Now, I have deleted filemanager as well as define_language.php. Furthermore, I have made a .htaccess password file for the admin. Lastly I added a .htaccess file for the images directory like this: # Prevent directory listing IndexIgnore * Options All -Indexes # Secure directory by disabling script execution AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .jsp .asp .htm .html .shtml .sh .cgi Options -ExecCGI <Files ~ "\.(php*|s?p?html|cgi|pl)$"> deny from all </Files> # Don't show this file <Files .htaccess> order allow,deny deny from all </Files> # Force download <Files *.*> ForceType application/octet-stream # Header set Content-Disposition attachment </Files> But they still upload these files after some hours. Did I miss something? Thanks in advance. Link to comment Share on other sites More sharing options...
Guest Posted June 14, 2011 Share Posted June 14, 2011 More than likely, they have uploaded a backdoor to your server that is allowing unrestricted access. I suggest looking for and removing malicious code and anomalous files from your server. Chris Link to comment Share on other sites More sharing options...
strub Posted June 14, 2011 Author Share Posted June 14, 2011 Hey thanks DunWeb for your fast reply. Is a backdoor kind of a php file or could it also be some code they added to any osc file? Link to comment Share on other sites More sharing options...
Guest Posted June 14, 2011 Share Posted June 14, 2011 It could be either or both. Chris Link to comment Share on other sites More sharing options...
strub Posted June 14, 2011 Author Share Posted June 14, 2011 Ok thanks a lot. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.