close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Malware - Mobile version - we have been hacked twice

Thread began 7/19/2014 1:28 pm by rgolab68503 | Last modified 7/30/2014 8:48 am by rgolab68503 | 2755 views | 16 replies

rgolab68503

Hi Jason,

Thanks for getting back to me so quickly.

I do use HTML editor however it is only available at an administrative level. Within the admin level I am also using file upload to upload pictures. Now there are 3 levels of admin access. 2 are in use at this time. The customer had me also add in a 2nd party iframe into the site. I'm not sure if it's possible to access the site through it or not. My fear is that it could be a wordpress or drupal site. I am having him check. I know this is a long shot. Link to that page is listed in the private message.

Also, on the site is an ecart application and I have created several admin pages with data assist. The search function is also used on several product pages.

One issue i had contacted you in the past was one of two locations where pictures are being uploaded. For some reason we ended up with two folders where the product pictures are uploaded needing to be set to permissions 777, or the pictures would not be uploaded. however in a section where the page information pictures are being uploaded the permissions are 755. The 777 make me nervous. However these folders are at a 2nd level. and are behind security assist. The files they are hacking into is the index.php file and loading a .htaccess file in the route of the site.

Just so you know the first time we were hacked we changed the username and password for the FTP as well as the MySQL password. Both complicated. This time the service provider also changed the place where the site resides on the server to see if they are in fact coming in some back door however this one test site is the only one they have attacked on the server.

Not sure if this means anything however they were able to change some of the ownership to be Apache driven. I can ask for more info on what they found there.

Overall it's just a frustrating experience, especially since we were hoping to go live in a week or so after proofing the content. But now should we wait a few weeks to see if they come back?

Not sure if I covered everything here or not. Let me know if you need more information or files. Thanks in advance for your help.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...