Attempted hack on VPS, how to protect in future, what were they trying to do?
Posted
by
Moin Zaman
on Server Fault
See other posts from Server Fault
or by Moin Zaman
Published on 2010-11-26T19:49:54Z
Indexed on
2011/01/03
20:55 UTC
Read the original article
Hit count: 235
UPDATE: They're still here. Help me stop or trap them!
Hi SF'ers,
I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file.
Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away.
I have some inkling as to how they managed to do this:
My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?!
I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions.
Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?
© Server Fault or respective owner