Home > security, web 2.0 > website hacked and used for phishing scam

website hacked and used for phishing scam

Yesterday one of my friend called me up and said, “hey, I am in a big trouble, don’t know when (probably few days earlier) some one hacked my website and used it for Citibank phishing scam, and today I got an email from domain registrar that the domain name is suspended, because their had been several complaints of spam and citibank scam, can you please login to my server and analyse logs and inspect when and how all this happened”.

It was a horrible news for me because it was me who helped him setting up Apache virtual hosts, ftp and other stuff on his server, it’s a dedicated server with Debian Etch 4.0 running on it, after inspecting Apache logs it broke out to me that his server was poisoned with a C99 shell script, this script was injected due to a remote file inclusion vulnerability in his PHP code, for those who don’t know much about what is C99 and how Remote File Inclusion works,  check this link.

It’s really ridiculous if your website get hacked and is being used for a scam, so after a little search i found some interesting articles/posts explaining possible ways to protect your website from such vulnerabilities. If you are running a  website you must check out these links

more over, i will greatly appriciate if you have any advice/tips/story to share 🙂

Advertisements
  1. Jony
    August 6, 2010 at 4:17 pm

    I installed once Centos 5.4 for server machine. I install it afternoon, after driving back at home, in evenning i want to relogin remotely for rest installation.

    My root access was hacked.

    – SSH and Normal password in public is very risky, i cant belive today still, so quickly somebody hacked it from russian ip network.

  1. December 2, 2008 at 6:22 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: