What to do when your sites been hacked

[DrFishNips]

My sites been hacked a good few times and I think I've finally patched up all the vulnerabilities. I have the whole site backed up so losing datas not a problem. What I'm wondering though is what kind of files might hackers hide in the servers files and how would I find them? What should I do to make sure theres no malicious files or changes left by hackers? I mean in the webservers files. I'm not familiar with managing servers I never touch anything thats not in the WWW folder.

 

 

[corbin]

Anything executable should be examined...  Also anything that is executed....  For example:

 

 

PHP scripts

Perl scripts

Other CGI apps....

 

 

So on...  And you might want to change all of your server's passwords.

[dreamwest]

If you have directories like this that broswers dont need to enter:

 

/includes/

/js/

/images/

 

etc...

 

Boot the browser off with htaccess, redirect them to the root account.

 

Your index.php page is the main target for hacking. Youll sometime see it with 777 permissions, if you dont update this page - chmod it to 444.

 

Rember htaccess is you best friend  for fooling hackers as to what directory structure youve got by useing urlrewrite, its easier for them to go to a less confusing site - unless your worth hacking of course

 

Use remote address to check the ip for admin panels so only allowing your ip into the admin panel

 

[steviewdr]

Search for files or folders with 777 permissions.

 

-steve

[newbtophp]

My advice:

 

-Scan your site with http://phpantivirus.sourceforge.net/

-If your using a public/retail script use google to see if theirs any exploits and then patch them.

-Set directories to suitable permissions.

-Install a firewall?.

-Manipulate the use of .htaccess.