You are hereBlogs / David Grant's blog / My Site Got Hacked

My Site Got Hacked

By David Grant - Posted on 11 October 2006

So I go away for the Thanksgiving weekend and come home to find out my site has been hacked. The attack consisted of setting up some elaborate phishing attacks for multiple Canadian and US banks. The main damage was done at a site that I maintain for some friends of mine, namely, Will Stroet's site. It is in a subdirectory of this site, set up with a domain pointer. I had ftp access enabled to the willmusic.ca directory ONLY and so I had assumed that the attackers had come in that way, through FTP. Then I noticed 3 files in my drupal modules/month directory. That got be really worried that there is some sort of security hole in Drupal or that my SSH credentials had been compromised in some way, because there is no FTP access to that directory (or at least there shouldn't be).

So far I have changed email passwords for the 2 email addresses set up through my hosting company site5 and changed the FTP password. Next, I am going to change my Drupal passwords and ssh password.

The good news is that I haven't lost any data as far as I know. One file was overwritten but it was easily recovered from an old backup (it was a template file that hadn't changed since the last backup anyways).

Tags
umm.....why would someone
Submitted by Your wonderful sister (not verified) on Wed, 2006-10-11 17:30.

umm.....why would someone hack your site...i don't get it...just for kicks or are you some kind of special agent running super top secret stuff???

It doesn't matter what is on the site
Submitted by David Grant on Wed, 2006-10-11 19:45.

They uploaded a bunch of files that are made to look like a bank's website and then they ask for your personal info. They'll do it on any site, no matter what is on the site. See Phishing at Wikipedia.org.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <s> <img> <h2> <h3>
  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. The supported tag styles are: <foo>, [foo].
  • Insert Google Map macro.
  • Images can be added to this post.
  • You may use [inline:xx] tags to display uploaded files or images inline.
  • You may use [view:name=display=args] tags to display views.

More information about formatting options

CAPTCHA
Sorry I had to add this test to combat the spam problem.
A
E
E
2
g
F
Enter the code without spaces and pay attention to upper/lower case.

Popular content

Today's:


All time:

Recent comments

My del.icio.us bookmarks

more

Links

Navigation