Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: Were we hacked?  (Read 3483 times)

ens

  • Sr. Member
  • ****
  • Karma: 12
  • Posts: 279
    • http://www.meatysite.info
Were we hacked?
« on: June 08, 2007, 01:58:43 am »

Hi guys,

I have said before (I think) that I really don't deal well with security... so here goes.

Lately, a site I have up and running on a subdomain (of a domain I own) has not been working at all. The hosting uses Plesk.

What happens is that I try to access the subdomain through the browser and it waits a while, then the default plesk page shows (like default cPanel page). I try to log into the subdomain's FTP account, no luck (timeout).

Then, I log into the root domain's FTP account, it works, but there are folders in the root, i.e. before public_html or httpdocs, that will not allow me access to even though I am the administrator. All files on the server now appear in the browser as "not found".

For example, if I have in the top domain a file called hello.jpg, and I try to access it through the browser, it's not found.

Now, I try to navigate to the folder where the subdomain lies and whoa, it's not allowing me access.

The subdomain was running sNews 1.6.0 if that's any help.

Maybe it was hacked in some way?

Any help appreciated.
Logged

Joost

  • Guest
Were we hacked?
« Reply #1 on: June 08, 2007, 04:52:17 am »

If you don't have access to a certain folder, it means the folder is 'owned' by someone higher in command: Apache or root. The folder or directory might be owned by Plesk. It depends on the server configurations.
Root is the master of everything on the server. It permits us (users), to control/own a tiny bit of harddisk and resources. The user can do the same thing with the files and directories he owns. He can permit the public to read, execute or even write to a file or directory (of course you don't want the public to write on the website).
When you log in through ftp, You identified yourself to be the owner of the webspace and you can touch and change everything what's yours. Visiting your webspace through the browser and not being able to log in, you are considered to be 'public' and you can only see what is permitted to read.

I don't know why your website isn't accessible, maybe just a downtime of the server. Try later.
A nice tutorial about permissions: http://www.zzee.com/solutions/unix-permissions.shtml
Logged

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • I'm a self-made man and worships my creator.
    • p-ahlqvist.com
Were we hacked?
« Reply #2 on: June 08, 2007, 11:00:57 am »

Quote from: ens
...
What happens is that I try to access the subdomain through the browser and it waits a while, then the default plesk page shows (like default cPanel page). I try to log into the subdomain's FTP account, no luck (timeout).
...
Very much likely that the server was down for a while, you know the clients of Plesk is prolly not on one server all of them, but several, and the one you're at might have been down. This happens from time to time, and when it does, contact the provider and just ask them flat out if the server you're on is having problems, bet'cha the answer these times is going to be a YES.

I have suffered from this occasionally, and only access through FTP, or not even that from time to time (in my case only a few hours at the time), and it has always been server downtime causing this... So, contact your provider and get appropriate info, and then rush back here and post what they said.
Logged
"It's only dead fish that goes with the flow... "
Updated

ens

  • Sr. Member
  • ****
  • Karma: 12
  • Posts: 279
    • http://www.meatysite.info
Were we hacked?
« Reply #3 on: June 08, 2007, 01:16:01 pm »

Yes thanks you two, but it's been almost a week now that this has been going on. And the subdomain is the only one that displays the default page.
Logged

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • I'm a self-made man and worships my creator.
    • p-ahlqvist.com
Were we hacked?
« Reply #4 on: June 08, 2007, 01:20:26 pm »

Have you been in contact with your provider ? Have you tried uploading a fresh default copy of snews (rename the current one's eg index_original.php, and so on) and see if that is visible, if so, there is most likely something wrong with your original copy, if not, it's the provider...
Logged
"It's only dead fish that goes with the flow... "
Updated

Joost

  • Guest
Were we hacked?
« Reply #5 on: June 08, 2007, 02:22:22 pm »

Quote from: ens
Yes thanks you two, but it's been almost a week now that this has been going on. And the subdomain is the only one that displays the default page.
With  'default page', you mean an index.html page, generated by Plesk or your host? Delete that one,  it overrides index.php. In most Apache configurations, priority is set to a index.html page
To test if a directory or subdomain is visible to the public, it is always best to use a simple index.html, it doesn't even have to be valid, just create a line saying 'can I read this?' or something alike.
Logged

ens

  • Sr. Member
  • ****
  • Karma: 12
  • Posts: 279
    • http://www.meatysite.info
Were we hacked?
« Reply #6 on: June 08, 2007, 09:13:26 pm »

Okay, I have to make it clear again.

The default PLESK page is shown after 20 seconds loading the subdomain. I CAN NOT access the subdomain through FTP, and many other folders as well. I HAVE tried resetting the permissions, with no luck. I CAN NOT re-upload the sNews because I cannot even access the folder in FTP, even while using the root user, etc.

I have tried getting into "conf" in the root, no luck. "pd" is a folder in the root that nobody with access to the server recalls making.... .

Here are some screenshots.


Trying to access the subdomain through FTP


Trying to access folders in the root


Trying to access the subdomain through the browser


Trying to access an image that is 100% on the server (located in the root domain.. i.e. example.com/folder/image.jpg)

There are descriptions under each image. Please view the image larger so that you can read all the text(s). And sorry about having to blank everything out, but the domain has to "remain confidential". Oh, and my own personal stuff isn't your business ;)
Logged

Joost

  • Guest
Were we hacked?
« Reply #7 on: June 09, 2007, 08:43:39 am »

Quote from: ens
I CAN NOT access the subdomain through FTP
you mean you don't have access through domain ftp and subdomain ftp. You are also not able to set a new working password through Plesk. Then why not delete subdomain through Plesk and create the subdomain all over? If you do have a copy on your computer (database will be unharmed). Or contact the webhost.
Quote from: ens
I have tried getting into "conf" in the root, no luck. "pd" is a folder in the root that nobody with access to the server recalls making.... .
(Second picture) Like I said before: Owned by Plesk, root or Apache. That is how Plesk works. I have several non accessible 'conf' and 'pd' directories.
Quote from: ens
Oh, and my own personal stuff isn't your business
Ok, I won't ask questions  about Chris or Rachel then. :)
Logged