Ravens PHP Scripts: Forums
 

 

square1 (New Member; joined Jul 20, 2006; posts: 7)
Posted: Sat Jul 29, 2006 1:56 pm

Here again asking more questions... We now have an issue with the site we were dev'ing (btw, this is a volunteer job on our part, not something we are currently being paid to do). Any time anyone tries to access the site, be it the PHP portion or the current Splash page, a window pops up with "Enter username and password for 'backup' at 'http://our site url.com'" and has a place to enter a username or password. The site went down late last night. My husband did say before this happened there was a flooding attempt in requests for login accounts.

My question is, is this log-in and password for the backup an automated response from our server with the hosting company we go through, or does this mean somebody completely hijacked the account to the site? My husband upon logging into the FTP can see all the files are still there, nothing has been deleted. How do we go about rectifying this?
 
montego (Site Admin; joined Aug 29, 2004; posts: 9449; location: Arizona)
Posted: Sat Jul 29, 2006 1:59 pm

I would ask your host if this is somehow their doing and I would also check to make sure someone has not hacked any of the files / directories that you are accessing. Sounds "fishy" to me, but I am not a hack expert.

Is it possible that one of you or your other teammates password protected the directory?

square1
Posted: Sat Jul 29, 2006 2:32 pm

We seem to have figured out what happened. My husband said they flooded and crashed the database, then flooded and crashed the actual site, then brute forced their way into the FTP login and inserted an XML file (might be mistaken on the type of file there, I'm going off of memory of what he told me, and I'm not the best at knowing the difference between script and file types). Unfortunately the FTP log-in was also our hosting account log-in, so they did gain access to that as well. We've gotten the site back though, passwords are being changed across the board, and we'll be stepping up security. The hosting company that we re-sell for have the IP of the person that did it, and will be investigating, but because of liability issues cannot release the information to us. So I guess we'll see. Meanwhile I've asked him to check which version of Sentinel we have, and the group we are doing this for has said whatever software needs to be acquired or bought to secure this thing, just to do it. So, I'll also be looking through this site to see what's up for sale. If anyone has suggestions they would be most welcome, and thank you for taking the time to respond.

Square1
 
montego
Posted: Sat Jul 29, 2006 2:35 pm

Well, nothing really for sale here on this site. This site is strictly kept "alive" through voluntary contributions of the community. There is no product to buy. This is all Open Source.

Hope you find what you are looking for.
 
gregexp (The Mouse Is Extension Of Arm; joined Feb 21, 2006; posts: 1497; location: In front of a screen....HELP! lol)
Posted: Sat Jul 29, 2006 8:41 pm

If I may, I have never seen where an IP cannot be released due to liability, otherwise Sentinel couldn't list the IPs of people who visit your site.

As for the brute force.

There are measures that can be taken from the server level to stop those, being able to brute force a site's FTP is about the same difficulty in being able to brute force the roots [link hidden by the board]

I'd really suggest that you find a more complete host with the correct security setup. Once dealing with floods (more likely DDoS attacks), brute forcing and cPanel issues, you'll see how well a server CAN be set up to stop those but at the site level you are virtually helpless (to a point).

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
All times are GMT - 6 Hours
 