June 27th, 2008, 9:17 PM   #1
krazykat
One of our sites has been hacked!

One of our customers has informed us that their site has been hacked. This has been going on for a few days now.

I've already told the customer to change all their passwords, disable anonymous ftp, and uninstall FrontPage extensions... and even after changing the passwords and completing these tasks, the hacker still manages to change the website.

We now have a screenshot of the unauthorized ftp session with the hacker's IP address (I've blocked the IP address from accessing the website in the meantime). The changes that the hacker makes to the website are very subtle, but completely unwelcome and unauthorized.
The customer says that she is the only one with access to the account/passwords... she has emailed me the screenshot of the unauthorized ftp session (the hacker had used the main ftp account login) and also copies of the access logs (all forwarded to support).

Is it possible that ftp sessions can be sniffed by hackers? I would like to know if anyone else out there has experienced this and also how we can make our ftp sessions more secure... and what recourse we have at this point, other than just blocking the IP from accessing the site.

I've submitted a ticket to support already... Ticket ID: XGT-892175

I truly appreciate any advice anyone can give.
__________________
~krazykat~
Pass38