For the past month or so, I have wasted a lot of my time on dealing with hackers! That’s right. Firstly they found a way to exploit my tmp folder on the server and placed an IRC bot called emech. Thanks to Coreix - they noticed some unusual traffic and helped to stop it.
Then they managed to exploit one of my users’ sites which had a weak password. I noticed that quickly as whatever they tried to do caused Apache to die.
The last part that got me furious is somehow they managed to write to my htaccess files a few lines of code that were telling Google to go and index their site instead:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (Googlebot|Slurp|msnbot)
RewriteRule ^ http://dfsg.us/ [R=301,L]
Now that’s cheeky. I have no idea how they did it as the file is accessible for writing only by the owner. There is no way they know my password as if they did, they would have probably done more damage. I guess there is a new php/apache vulnerability which is yet to be reported and a patch made available for it.
For now, I disabled ftp access, installed a few programs to block IP addresses of users who attempt anything suspicious, changed all my passwords, installed a php patch for improved security and I am looking forward to wasting more of my time in due course!
Oh, the same issue has been reported by a guy over here - http://44px.net/blog/2009/02/28/napominayu-prosteyshee-pravilo-teper-i-iz-svoego-opyita
He thinks it’s the ftp details that got hacked – I looked through my ftp logs – nothing there on my end.
Update 05/03/2009 – Coreix was kind enough to do an audit on the server and suggested a few extra security measures that I gladly accepted to make the server extra secure. Now I can sleep at night.
And once again I will comment on how good the Coreix support is – professional, knowledgeable, polite and not trying to rip anyone off! They worked to apply all the security measures and disable the services that were not necessary etc for a good part of the day and I got charged a very reasonable amount of money for that!
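A defender's check for the kind of injected rule quoted above, as an added example that is not part of the original post: it flags RewriteRules that redirect crawler user agents to a host you do not own, and .htaccess files that are group- or world-writable. The function names, the crawler names beyond the three in the quoted rule, and the sample rules are assumptions constructed for illustration.

```python
import re
import stat
from pathlib import Path

# Crawler names: the first three are from the injected rule; the rest are assumptions.
CRAWLERS = re.compile(r"googlebot|slurp|msnbot|bingbot|baiduspider", re.I)
UA_COND = re.compile(r"\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)", re.I)
ANY_COND = re.compile(r"\s*RewriteCond\b", re.I)
RULE = re.compile(r"\s*RewriteRule\s+\S+\s+(\S+)", re.I)
ABSOLUTE = re.compile(r"https?://([^/\s:]+)", re.I)

def find_cloaked_redirects(text, own_hosts=()):
    """Return [(line_no, host)] for rules that send crawler user agents off-site."""
    hits, crawler_cond = [], False
    for no, line in enumerate(text.splitlines(), 1):
        ua = UA_COND.match(line)
        if ua:
            crawler_cond = crawler_cond or bool(CRAWLERS.search(ua.group(1)))
        elif ANY_COND.match(line):
            continue  # unrelated condition, still attached to the next rule
        else:
            rule = RULE.match(line)
            if rule:
                target = ABSOLUTE.match(rule.group(1))
                if crawler_cond and target and target.group(1).lower() not in own_hosts:
                    hits.append((no, target.group(1).lower()))
                crawler_cond = False  # conditions bind only to the next RewriteRule
    return hits

def is_loosely_writable(mode):
    """True when group or others may write (e.g. 0o777, 0o666)."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def scan(docroot, own_hosts=()):
    """Walk a document root and report suspicious .htaccess files."""
    report = {}
    for path in Path(docroot).rglob(".htaccess"):
        hits = find_cloaked_redirects(path.read_text(errors="replace"), own_hosts)
        loose = is_loosely_writable(path.stat().st_mode)
        if hits or loose:
            report[str(path)] = {"redirects": hits, "loosely_writable": loose}
    return report

# Constructed sample: one legitimate canonical-host redirect, one cloaked redirect.
SAMPLE = "\n".join([
    "RewriteEngine On",
    "RewriteBase /",
    "RewriteCond %{HTTP_HOST} ^example\\.org$ [NC]",
    "RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]",
    "RewriteCond %{HTTP_USER_AGENT} (Googlebot|Slurp|msnbot)",
    "RewriteRule ^ http://spam.example/ [R=301,L]",
])
```

This is a heuristic: it does not interpret negated patterns or `[OR]` chains, so treat a hit as a reason to read the file, and run `scan()` from cron against the document root to catch a rule reappearing.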
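Google not indexing the site, caused by .htaccess permissions of 777…
Looking at the access logs in the server back end, you can see that every Googlebot request was redirected with a 301, while baiduspider requests got a normal 200.
…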
I have the trouble too. But luckily only four days when I find it. I don’t know how they did that too. I have asked webmaster, he saw that it’s maybe a bug of WordPress.
Vadim Reply:
March 17th, 2009 at 7:49 am
I think you are right – only 2 of my websites were affected and both had wordpress on.