Hacked

[michaellunsford]

One of my first sites got hacked. It's on my server, which seems too not have any other affected sites. The index.php page was overwritten.

 

Right now, there is a plesk placeholder page up, and at the bottom resides a few iframes who's src links have been linked to a rather old IE exploit. It also contains some nasty looking links (nasty as in XXX). I suppose it's remotely possible that I somehow left the plesk placeholder page up by mistake when moving the site from another location, but I really doubt it.

 

The original site was nothing more than a single html page with very very simple php hooks. Bascially, buttons linked to index.php?id=1 kind of stuff. The page just used the id as image sources. Simple. There isn't so much as a contact form on it. So, the question. How in the world did it get hacked? A plesk exploit?

[MadTechie]

Theirs 101 way it could of happened, from a secuirty hole in the web server, system or even a script..

 

Check the Raw Logs

[michaellunsford]

Well, the file was dated february 7th 03:43, I don't see anything on the site's logs. Where are the raw logs?

[michaellunsford]

Found something in the FTP log. IP Addresses all over the board. Probably spoofed. 

 

I had thought it might be packet sniffing but I haven't updated that site since october of 2005, and the ftp log shows this activity in February of this year..... Any other ideas how someone could have gotten in through ftp?