My photoblog's been hacked !!

[umar]

I was quite surprised and upset when I went to my admin login page and saw that I've been hacked.

How can I go about fixing this, and what can be done to prevent something like this from happening in the future?

Would appreciate it if someone from e2 could help me out, since I'm assuming they're the ones to "make your security the highest next time dude".

[umar]

update: I've just reuploaded the index.php files (had a backup thankfully)... but I still want to know how this happened and how to prevent it.

unfortunately this happened to you
unfortunately you are not the only one
this topic was discussed here in the forum already in extenso
7 of my pages have been hacked in the last time (not Pixelpost... )
this happens because of old insecure scripts, wrong server configuration to name a few

you can find some answers in our wiki, look for the chapter "security" and here in the forum as well

if you are into php and scripting, you will find a lot of websites around as well, do a search for "mysql injection, hacking, Cross-Site-Scripting etc."

I am sure with the new version you will be safer

[umar]

Thanks for the links, will check them out.

I emailed eleven2, and received this reply:

Quote:

Hello,

There was a security vulnerability released earlier this week and we were in the process of updating all servers. However, in this process one of our servers was exploited. We have patched the vulnerability on all servers and this is impossible for this to happen again. This secuity issue is definitely quite serious, but it certainly could have been worse given that only an index file was deleted. Sorry for the inconvenience and thank you for your cooperation.

Thanks,

Eleven2, Inc.

If I had known that you are hosted at eleven2, I could have explained in more detail

that hacking happened at many hosters, at my side there were kurdish hackers.

There is one very fast help at your side:
reload ALL index-files to your webspace again

all index-files (index.htm, index.html, index.shtml, index.php, index.cgi) whichever you have
because they overwrote all these files

remember that you have a lot of these files, I forgot one or two of them the first time

I also asked the hoster of the files which are linked in these hacked pages (video, sound etc.) to delete that account

when I did a websearch for the text which was placed on my page, I found more than 500 affected pages...

please take note that they did not exploit a weakness of Pixelpost, they just overwrote "our" index.php

these idiots are just fools which are clever enough to find security holes and exploit them but not clever enough to fight for a better life with peace and without war