Unix9 hit by hackers.....

[hohios]

Unix9 hit by German hackers.....

Check your sites too...

[Brangwyn]

What makes you say that hohios ?

I was wondering that as well...

[hohios]

They entered in one site of a customer of mine.
They renamed ftp folders to:
hit (folder)
by (folder)
German Hackers (folder)

and deleted all html files.

Thay also made 3 permanent redirections to disney's site

The CP reported these redirections. I've deleted the redirection by the CP.

Just check your sites too

[Brangwyn]

Thats probably not the "server" being hacked though just your customers site most likely.

Customers sites can easily be hacked depending on the softwre they choose to run on their sites. Many well known packages are full of security vulnerabilities (php-nuke springs to mind), it's very likely thats whats happened. I have probably one customer every 5-6 weeks have their site hacked, but generally its "their own fault" so to speak.

Do you know what software they may have been using on their site ?

Thanks for the heads up though

[hohios]

I wish the attack was made only to my customer's site.
But I post the info to make your check to yours.

The software he use is Macromedia Net Objects Fusion...
The site was only html static pages

[Brangwyn]

did they delete all the log files as well ? if not I would reccomend you download them and look for traces of how the hack was conducted.

It sounds like they actually got into his contorl panel as well to add the redirects ?? ... if so then I'd suspect that perhaps that actually had the password to the account

[hohios]

Unfortunately they deleted the log files

[TNV]

hohios, the server seems fine, your end user may of had a very simple password like "password" and the hacker found out about it and then just hacked that site but I am not seeing much on the server. Have you submited a ticket? If so whats the ticket number so I can take a look.