I've now been hacked! - Page 3

Zerxer · December 21st, 2007, 6:41 PM

Quote:

Originally Posted by JadedSouls

They must have messed with that as well as that wasn't even in there. I've now added it. but I'm not sure if the .htaccess file that is currently correct as I'm not sure what it's supposed to look like in the first place..

It's not "supposed" to look like anything, really. It's all done by you, or by cPanel if you setup certain things like 404 pages. Just adding "options -indexes" should be good enough, and it's not there by default so if you never put it there then they didn't remove it. It just sets it so if they try to view a folder like /images/ and there's no index file in there, it will give them a 403 Forbidden page.

If there's a certain folder you actually want people to be able to browse in, you can add a .htaccess file in that folder and put "options indexes" (I think) without the - and it will let them see that one but still disallow the others.

**MarkRH** · December 21st, 2007, 10:39 PM

The top of your .htaccess file should look like this:

Code:

Options All -Indexes

<Files 403.shtml>
order allow,deny
allow from all
</Files>

I do know that in my case, it was not in my .htaccess file by default. It was the first thing I did as soon as I could access my account with Surpass. That Files bit is in there so that any IP addresses that you deny access to your site will still be able to see your 403.shtml forbidden error page.

**MarkRH** · December 21st, 2007, 11:09 PM

Oh.. to turn indexes back on for particular directory, you would use "Options +Indexes" in the .htaccess file in that directory. Note: by doing this, they can also see the contents of any directories below it as well.

JadedSouls · December 22nd, 2007, 9:40 AM

Gotcha!!

That's what it looks like now up at the top and then there is a ton of ip's that I had used the IP Deny Manager to ban from accessing my site and they're all listed there..

thanks for all the help guys - tremendously appreciated!

JadedSouls · December 22nd, 2007, 4:23 PM

Ok, I did everything y'all said and I got hacked again.

I tried changing my password again just now and I get this error:

Changing password for user jadedso.
Changing password for jadedso
(current) UNIX password:
passwd: Authentication token manipulation error

I'm not running any scripts that I haven't had in the last 3yrs and they're all by trusted software companies or coders.

I don't know how it happened yet again?

JadedSouls · December 22nd, 2007, 4:25 PM

also, does anyone know what kind of file a "clam.out" is? I have no idea if it was there or not before..

**Roxy** · December 23rd, 2007, 1:16 AM

Oh no, how horrible. No I've never seen or heard of a file like that before? You should submit a ticket to support if you haven't already regarding a password change, since you are having problems.

Whoever is hacking you is a real jerk. =(

JadedSouls · December 23rd, 2007, 1:56 AM

Quote:

Originally Posted by Roxy

Oh no, how horrible. No I've never seen or heard of a file like that before? You should submit a ticket to support if you haven't already regarding a password change, since you are having problems.

Whoever is hacking you is a real jerk. =(

I don't know if it's the same person or not but it's annoying. I mean, it only takes me like 30 seconds to find the files they get in there but that's not the point *lol*

They had told me if I had more problems to just reply to the closed ticket from this morning and it would open back up again and I put in the error I got when trying to change my password..

Santa is NOT gonna visit them this year! haha

**Roxy** · December 23rd, 2007, 2:19 AM

No he is not!

Hopefully support will help you through this! If I find anything, I'll be sure to post here. =)

December 21st, 2007, 10:39 PM	#20 (permalink)
MarkRH Race Surpass Super #1 Joined in Jul 2006 Lives in Oklahoma City, OK Hosted on sh102 1,222 posts Gave thanks: 18 Thanked 86 times	The top of your .htaccess file should look like this: Code: Options All -Indexes <Files 403.shtml> order allow,deny allow from all </Files> I do know that in my case, it was not in my .htaccess file by default. It was the first thing I did as soon as I could access my account with Surpass. That Files bit is in there so that any IP addresses that you deny access to your site will still be able to see your 403.shtml forbidden error page. __________________ SH102 : Mark Headrick - Blog - Gallery Pelicar \| Company of Valor \| Mysstie Wolfestar

December 21st, 2007, 11:09 PM	#21 (permalink)
MarkRH Race Surpass Super #1 Joined in Jul 2006 Lives in Oklahoma City, OK Hosted on sh102 1,222 posts Gave thanks: 18 Thanked 86 times	Oh.. to turn indexes back on for particular directory, you would use "Options +Indexes" in the .htaccess file in that directory. Note: by doing this, they can also see the contents of any directories below it as well. __________________ SH102 : Mark Headrick - Blog - Gallery Pelicar \| Company of Valor \| Mysstie Wolfestar

December 22nd, 2007, 9:40 AM	#22 (permalink)
JadedSouls Jezebel From Hell.. Comfy Contributor Joined in Sep 2004 Lives in Canada, eh? Hosted on SH131 143 posts Gave thanks: 7 Thanked 1 Time in 1 Post	Gotcha!! That's what it looks like now up at the top and then there is a ton of ip's that I had used the IP Deny Manager to ban from accessing my site and they're all listed there.. thanks for all the help guys - tremendously appreciated! __________________ [SIGPIC][/SIGPIC] Jaded Souls \| A Haven For Creative Chaos You're so jaded.. and I'm the one who jaded you! Server: SH131 Serverload:

December 22nd, 2007, 4:23 PM	#23 (permalink)
JadedSouls Jezebel From Hell.. Comfy Contributor Joined in Sep 2004 Lives in Canada, eh? Hosted on SH131 143 posts Gave thanks: 7 Thanked 1 Time in 1 Post	Ok, I did everything y'all said and I got hacked again. I tried changing my password again just now and I get this error: Changing password for user jadedso. Changing password for jadedso (current) UNIX password: passwd: Authentication token manipulation error I'm not running any scripts that I haven't had in the last 3yrs and they're all by trusted software companies or coders. I don't know how it happened yet again? __________________ [SIGPIC][/SIGPIC] Jaded Souls \| A Haven For Creative Chaos You're so jaded.. and I'm the one who jaded you! Server: SH131 Serverload:

December 22nd, 2007, 4:25 PM	#24 (permalink)
JadedSouls Jezebel From Hell.. Comfy Contributor Joined in Sep 2004 Lives in Canada, eh? Hosted on SH131 143 posts Gave thanks: 7 Thanked 1 Time in 1 Post	also, does anyone know what kind of file a "clam.out" is? I have no idea if it was there or not before.. __________________ [SIGPIC][/SIGPIC] Jaded Souls \| A Haven For Creative Chaos You're so jaded.. and I'm the one who jaded you! Server: SH131 Serverload:

December 23rd, 2007, 1:16 AM	#25 (permalink)
Roxy URB4N 5K1LLZ Super #1 Joined in Sep 2005 Lives in Orlando, FL Hosted on SH63 2,660 posts Gave thanks: 81 Thanked 128 times	Oh no, how horrible. No I've never seen or heard of a file like that before? You should submit a ticket to support if you haven't already regarding a password change, since you are having problems. Whoever is hacking you is a real jerk. =( __________________ Roxanne Urban Roxy -Personal Blog SH63 - the best darn shared server!

December 23rd, 2007, 2:19 AM	#27 (permalink)
Roxy URB4N 5K1LLZ Super #1 Joined in Sep 2005 Lives in Orlando, FL Hosted on SH63 2,660 posts Gave thanks: 81 Thanked 128 times	No he is not! Hopefully support will help you through this! If I find anything, I'll be sure to post here. =) __________________ Roxanne Urban Roxy -Personal Blog SH63 - the best darn shared server!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search