Comments on Food Blog S'cool: My site was hijacked by spammers
Feed author: Sam
Updated: 2024-03-19T02:47:44.619-07:00

RadiationWatch, 2006-07-03T10:52:00.000-07:00

In addition to looking at CGIWrap, if you have shell access to your site, check to see if your /tmp directory is world-writable... the default for control panel apps like CPanel is to make it so. This introduces a huge (and well-known amongst script kiddies) security hole. Look in your /tmp to see if you see any odd files there... then, if possible, ask your hosting provider to make /tmp more secure.

Ed, 2006-07-02T00:27:00.000-07:00

Pascal, Elise, thanks. That's great advice. I hope I've caught them all now and I'll check that article, Elise. I really think it was the Coppermine photogallery that let them in as they specifically were in my tomatom folder and the one for Does My Blog Look Good in this. I'm keeping an eye on it.
I don't think my host has CGIWrap but I might see if I can get them to do it.
Thanks very much again.

Kalyn Denny, 2006-07-01T16:17:00.000-07:00

Ed, very sorry to hear about it, and I only wish I was half as smart about this stuff as Pascal and Elise!

Elise, 2006-07-01T09:55:00.000-07:00

I once had someone hack into my system because I hadn't used CGIWrap and the permissions on my files were too weak. See CGIWrap and suEXEC (http://www.learningmovabletype.com/archives/000770cgiwrap_and_suexec.php) - an article I wrote about these security features.

I completely agree with Pascal's advice to compare, file by file, all the files in your MT or WP install. If you come across a PHP file that you don't think should be there, make a copy of the file contents to a text document locally, and then delete the file from your web server. If something breaks, you have a back-up.
It's tedious, but if there is a rogue PHP file sitting on your server, the spammers can do it again.

Anonymous, 2006-06-30T21:17:00.000-07:00

Not the kind of thing you want to hear about!
You can find out if you are blacklisted by checking the sites listed there: http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

In my experience, ORDB is a good place to start.

If you are, most of these sites have a procedure you can follow to get removed. If you have an explanation that makes sense, they will remove you (although it can take some time).

As far as protecting you, change your passwords, update the gallery application if there is an update, or better yet, remove it.
It is important to check that no file remains (especially a PHP file that can execute things on your server). If they were not too clever, check the dates of all your files and check any recently modified file. If you have access to a default installation, you could compare file by file.

Good luck!