Pen site hacked


Texatdurango

For those interested... I turned my PC on this morning and several members had left me messages about my pen site being hacked or at least showing "malware present" by Google.

To make a long story short, someone did try to hack my site but luckily 1and1's security saw the threat and put my account in suspension until I could clear the bad files and upload clean files.

I visited Google's website area and met all their requirements, showing a clean bill of health and today everything is OK but it might take Google a day or two to remove their warning sign on my site.

Thanks for the heads up.
 

It's a mysql injection that could be caused by another user on the server and not just your account. I run servers and this injection has been around for a few years now.
 
If you like getting dirty... http://articles.sitepoint.com/article/sql-injection-attacks-safe

That article is from 2002, yet still mostly valid. Scary, huh?
 
Any software that doesn't check for these kinds of maliciousness should be replaced immediately! This has been around for so long that even the script-kiddies know about them.
 
Randy, you're talking to mywoodshopca, right? I don't have anything at risk on my MySQL servers.


He didn't mean you did. My original post meant that any server with shared sites could have a user unknowingly install a vulnerable script like an outdated wordpress, etc. and that would allow openings on the whole server if the server configs weren't hardened enough or the server had outdated software running on it. I know when this first came out, most software suppliers didn't know HOW it was being injected and was blamed on everything from apache, php, sql, etc.
 
You'd think that people with the skill to do something like that would devote their time to more constructive things, but alas humans aren't as nice as dogs. I have two dogs and as far as I know they have never tried to hack a website although they have eaten quite a number of loaves of bread off my kitchen counter.
 
Don; Yes; I didn't mean that your site could be at risk, but someone could hack your site by breaking into someone else's site if the ISP's SQL configs are not secure.

For anyone interested in checking their computer's security; check the "Shields UP" section on this page at Gibson Research. It will perform a port scan to see if any ports are open to the internet.
http://www.grc.com/default.htm
 
Was this actually the problem, or are you just guessing? Don't go giving "1 and 1" a bad rep by saying that their servers are vulnerable to SQL injection attacks. I doubt that was actually the issue.
George, did they ever actually say what the problem was?
 
I have seen these in the past and never said that 1&1 are or are not vulnerable, but told him that it's not always his site that is causing problems since the mysql injection could be caused by another user on the server and not just his account.

And seeing you seem to know so much about injections, what do you think caused it??

George never went and installed the bad code himself so it was likely injected somehow and the common known method is sql injection allowed by someone (else) running a weak script allowing the hacker in and access to the sql.
 
To be fair, no matter how good 1and1 is (and I've heard only good things about them), cross pollinating sql injection attacks are difficult to harden against. Especially when you have users running their own apps.
 
It can be done.. disable sql, disable php, disable apache, allow no permissions and cut the cable to the router :biggrin:
 
Updating the tables on our core router, I accidentally saved a config that broke the router completely. My coworker came into my office, "Who secured our network?" :eek::biggrin::biggrin::biggrin::biggrin:
 
So... is the consensus that it probably wasn't due to a weak password on my site which a hacker figured out to gain access to my web pages?

I would bet money on it that it was NOT your fault.

I would suspect someone on the server has a very old version of wordpress and that's how they injected garbage into your site.

DurocShark - Yep.. saved a few wrong configs over the years too.. sure gets your heart pumping trying to reverse things lol
 
I've gotten into the habit of backing up my configs before making changes. Makes it a whole lot less exciting nowadays. Especially when I broke the router 3 times yesterday while we were installing and configuring a new wifi network (Xirrus, if anybody is curious).

We use a lot of Mac servers there too, and one thing I've started doing is supplementing my backups with network time machine. Nothing like being able to restore to an hour ago.

I agree that it's probably not anything you did George. Just make sure that the software YOU are running is the latest and greatest, fully patched. Also check with your ISP for any software they dislike that you are running. Different ISPs have different feelings about things. Some flat out forbid phpBBS because of the holes that have popped up now and again. vB (like used here) gets mixed feelings from ISPs. And so on.

If you keep within your ISP's comfort zone, they're much more willing to work with you on things like this.

Recover your site. Change your passwords. Move on.
 
My point was, let's not make assumptions without any facts.
 
My point is, being a server admin as well and helping other hosts clean up junk like this in the past, I am familiar with this type of thing and have seen this personally.

If you're so sure it's not the sql injection that's so widely known, please feel free to inform all us misinformed people what it was then. :rolleyes:

George told us what happened, being familiar with the sql injection (as are most other server admins) I gave my opinion as to what likely happened so he would have peace of mind knowing it likely was not him that caused this.

We *could* continue to beat a dead horse if you like but I got better things to do. Sorry :rolleyes:
 
You stand alone in the horse beating category. I simply made a suggestion about making statements without the facts and you seem to have taken offense to that. That's your problem, not mine.
 