[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, Oct 02, 2014 at 03:28:11PM +0100, Martin Gautier wrote: > Is there anyone on the list that can help with a website I run that > being hacked currently? > > I need to try and find out how they're getting in and what I can about it. > > We have a shared folder used by the CMS for file & image management > and they seem to be accessing that and copying the contents onto > itself to fill up the server diskspace... As others have said already, there are so many things that could be going on, it's hard to help without more information. What you describe seems pretty pointless from a malicious hacker's point of view, so if this is really what's happening, I'd either suspect either someone who hold as grudge against the particular site (or its owner), or perhaps even a bug in the CMS. Or it might be a real hack and this is merely a side-effect of what they're actually doing. Is there anything else that's going on that seems suspicious? Login attempts in the log file, more website visits, increased bandwidth usage, etc. Are the CMS and all the installed plugins and themes up-to-date? These, and especially the latter, are a big weakness in most websites. Is Bash up to date? OpenSSL? Anything you can share would be helpful. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq