Main Area and Open Discussion > Living Room

Website under attack ... help needed

<< < (3/4) > >>

mouser:
I didn't realize it was possible to use standard html to redirect after some delay, but it seems it is:
see: http://stackoverflow.com/questions/5411538/how-to-redirect-from-html-page

In that case it sounds like you might want to search your files for:

--- ---http-equiv="refresh"

f0dder:
If it's not too massive amounts of data, be sure to grab a copy of the entire site (via FTP or similar) before you proceed. There's hacks out there that spit out different content to the "end-user" depending on various factors (this has been used to insert SEO-hack-crap only in case the "end-user" is a search engine bot - which means you would not see that if you check a hax0red site in your web browser).

40hz:
The more significant challenge will be establishing whether it's just the website that's been hacked - or if the entire server has been compromised. If the Linux server is virtual (or not too heavily customized) I'd probably be more inclined to just load up a clean server image (or at least a 'known clean' webstack) after I got to the bottom of the problem with the website(s).

That's the real problem with getting hacked. It's often difficult or impossible to accurately determine exactly where and how far in they got.

Rover:
Look @ .htaccess your file too.

I saw an attack where the injected code was not "seeable" via cat/less/vi.  All it did was inject porn images in place of the normal ones, but check everything. :)

ewemoa:
That's the real problem with getting hacked. It's often difficult or impossible to accurately determine exactly where and how far in they got.
-40hz (February 11, 2013, 09:43 PM)
--- End quote ---

Would it be practical to compare files and directories from backups to see what might have changed?

Navigation

[0] Message Index

[#] Next page

[*] Previous page