php files server keeps getting attacked and unsure of vulnerability

[nade93]

Hi All

 

my servers are with www.justhost.com and they use their own apache system.

 

My files are all under the public html and they keep getting file injected to various parts of the site that will then be used as phishing sites. Once i remove these files, they are back up within an hour.

 

I am using php contact forms with no captchas, I also have admin sections that ask for uploading to the sql, these are password protected though.....

 

Can any one help e please as my account keeps getting suspended and I do not seem to be able to resolve

 

thanks in advance

[nade93]

have found this coding, if this means anything to anyone?????

 

[attachment deleted by admin]

[rbrown]

that is how they are accessing your site. It is a script they can run and it gives them full access to your server. You must be running a script they are exploiting to allow them root access to your site or they have figured out your username / password. You need to delete all scripts off the server and reload it with ones you know are good and secure. Change your username an password after deleteing the files.  First check and see if they left anything that says where they are from, then have them booted off their host for hacking. I have done this in the past chased a hacker over 8 servers and kept having him shut down before he finally gave up.

 

If you should ask you provider for help with tracking them down if you aren't sure what to do.

If they don't help you... go somewhere else.

Good luck...

Bob

 

[steviewdr]

You need to check if any folders/directories are NOT chmod'd 777 (world writeable).

 

Also, it would be a good idea if your host would put a firewall in place blocking outgoing traffic from its servers.

 

-steve

[nade93]

thanks guys will try both those suggestions!

 

x