22nd April 2007, 21:25
shajazzi
hacked by By BeLa & BodyguarD

I am running SUSE 9.3 and ISPConfig.
I run rkhunter regularly and never found any problems with rootkits until today, when all sites on my server had been hacked by By BeLa & BodyguarD.
I then ran rkhunter and found nothing unusual.
Then I started to check all the files and folders in one of the sites and found that the index.php had been hacked. I replaced it with a backup and bingo, I am back in business.
Is there any way that I can find out how the hacker managed to penetrate my server's security?
By the way, I googled By BeLa & BodyguarD and found that this hacker was mainly concentrating on hacking forums.

23rd April 2007, 10:48
till

Which Linux user are the replaced files owned by?
The Apache user? Do you run PHP as mod_php or suPHP?
Do you have PHP safe mode on, and is your PHP up to date?
Are all the replaced index.php files from a specific content management system like Drupal, WordPress, TYPO3, ...?
Till Brehm

26th April 2007, 00:49
shajazzi

The replaced files are owned by
user: wwwrun and group: www.
PHP runs as mod_php.
PHP safe mode is off.
rkhunter now shows php4 is not up to date.
All sites are running on Mambo and Joomla.

I have noticed quite a few issues since I did an apt-get upgrade on this server.
The YaST Online Updater shows an update for php4 and updates successfully,
but when I run rkhunter again it shows php4 is not up to date.
I have another server ready to run with SUSE 10.0. I know what you are going to say: why didn't you install Debian? The answer to this is that I could never get it to install properly on my 64-bit systems and had similar problems with Ubuntu. So it looks like I am stuck with SUSE for the time being, which I am happy with. I also have a copy of Xandros Linux, Puppy Linux and Damn Small Linux among many others, but cannot find any decent server setup suggestions around at the moment, so I will leave them for a later date.
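
An added example, not part of the thread or of any poster's message: one way to approach the question of how the files were changed is to take the modification time of a file that is still defaced and pull the web server's access-log entries around that moment. It assumes Apache's common/combined log format; the log lines, addresses, paths and timestamps are constructed, and the function names are hypothetical.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined format: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def file_mtime(path):
    """mtime as an aware datetime. Read it from a file that is still defaced:
    restoring a file from backup overwrites this timestamp."""
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)

def requests_near(log_lines, modified_at, window_minutes=10):
    """Parsed requests logged within +/- window_minutes of modified_at."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(when - modified_at) <= window:
            hits.append({**m.groupdict(), "when": when})
    return hits

def body_carrying(hits):
    """First cut: POST/PUT requests in the window that got a 2xx/3xx answer."""
    return [h for h in hits
            if h["method"] in ("POST", "PUT") and h["status"][0] in "23"]

# Constructed sample data (documentation addresses, made-up times and paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Jan/2007:18:02:11 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [15/Jan/2007:19:41:03 +0200] "GET /index.php?option=com_example HTTP/1.1" 200 830 "-" "-"',
    '192.0.2.44 - - [15/Jan/2007:19:41:09 +0200] "POST /index.php?option=com_example HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [15/Jan/2007:19:44:50 +0200] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jan/2007:21:30:00 +0200] "POST /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]
SAMPLE_MTIME = datetime(2007, 1, 15, 19, 41, 10, tzinfo=timezone(timedelta(hours=2)))

if __name__ == "__main__":
    for h in body_carrying(requests_near(SAMPLE_LOG, SAMPLE_MTIME)):
        print(h["when"].isoformat(), h["host"], h["method"], h["path"])
```

GET requests inside the window can matter as well, so read the full `requests_near` output and not only the filtered list.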
