ok, i'm frustrated. here is my situation:

1)I have been hacked every month for the past 4 months, and for the last 2 months I've been hacked between the 16th and the 18th (spotlight time).
2)Our main page was downed today (5 admin, we got it back up within an hour).
3)I actually got a PING originating FROM my server last nite when i WAS NOT in any internet programs, my firwall displayed the message as follows:
--->
(TCP Port 1551) from www.oneminuteleft.com (209.249.147.131) (HTTP).
<---

odd huh? I told CWm this right away, he had little explanation either why i was getting pinged from my server.

i just wanna know what's going on. our server claims they are very secure, yet if i navigate thru the directory structure long enuf i can get into any of their hosted public_html folders (not hacking, just clicking "Up" command in WSftp.

what do u think i should do?

What exactly is happening when they hack you?

You have my full sympathy by the way.

My ISP runs a program called CGI-Wrap. It allows me to have my CGI directory set to 705 or similar. Not allowing anyone browsing the server dirsctories access to my CGI. The CGI-Wrap makes the directory act like the permissions are world writeable/executable without the risk of actually being 777. I don't know your server situation, but maybe you can get a Wrap setup for your CGI directory. Anyway... good luck. I've been hacked/deleted before and I know your pain. Hang in there.

i'm gonna play around a bit, thanx.

what happens when the hack me? usually al our cgi files fall to peices and sometimes the main pages.

Dude, if you can break out of your directory structure, your host has some MAJOR issues.

If they are REFUSING to take a look at the problems, then your host very simply sucks. Go find a host that's actually competent...

web2010.com offers 1024 bit security. OML, in IE 5.5 your side pop menu hangs and won't clear away..Thought you should know. UBBDEV is having to redo theirs, maybe they can help point ya in the right direction.

[ February 18, 2001: Message edited by: C_P ]

You have my sympathy too, if you've read my recent posts here, you know that something like that happened to me the other day, and it really really really sucks..

I'm thinking one person, or a group of people really have it in for you.. I would recommend moving servers also, you should NOT be able to get into other's sites using wsftp.. Hell, the server I use, I can set it so that a user has access only to their own directory, and not even the rest of my site. So the fact you can get into other's sites, is a terrible problem, and indicative of the overall security in other areas.

The number of attacks suggest this is probably someone you know and who has a grudge against you for some reason.. I'd try to figure out a list of possibilities, and contact the FBI's office that deals with this kind of stuff
http://www.fbi.gov/programs/ipcis/intrusion.htm

That's the only link I can currently find, but try contacting your local field office for assistance.. Might seem like going over the top, but it seems to me that you're at the end of your tether, and the FBI will (hopefully) be able to help you track down who's doing this, since you can reasonably expect another attack sometime soon.

I've just been hack too, well more like 6 times this month (Check out my site site annoucement). I know how you feel man as I'm just one of the recent victim.

By the way where do I get CGI-Warp?

our server is scary, but we are under contract for 2 more months. and i know there are people out there attempting too take us out. some of the messages left on our files prove it. i remember last month we were left one in replacement of Ultimate.cgi that said:

"good luck in the competition".

makes me mad.

So it's probably someone who visits here and was a competitor in the competition? How pathetic..

You can find info on cgiwrap here: http://cgiwrap.unixtools.org/

The home page for the author of cgiwrap is here: http://www.unixtools.org/~nneul/

I didn't set it up myself so I don't have experience with that end of it. My ISP was kind enough to offer cgiwrap as a feature.

Lucia, i know what u mean. i was angry, but in the same i couldn't stop smiling cause it was so pathetic.

Make sure your host is using the latest version of CGI-wrap (which is hell, by the way. My server runs it, so you have my deepest sympathy). I'm 99% sure there have been security issues with old versions of it..

Dealing with sysops all the time I've found that mostly when they say there box got "hacked" the screwed it up some how..
On a typical unix machine you should be able to view the entire dir structure of the system but its dynamic and you won't be able to view things like /etc/passwd it will just show an x where the password should be...
And as for the sever pinging you, well if you put a firewall up and just surf the net you'll get ping'd and scan'd by most of the servers you do an http request from...

Thanks for the CGI-Warp link Stilgar.

my pleasure. Heed Borg's word and make sure you have the latest version.