Timeline for Found suspicious, obfuscated PHP file. Is this a hack attempt on my website?
Current License: CC BY-SA 3.0
5 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 18, 2016 at 17:15 | comment | added | le3th4x0rbot | @Scott In this case deleting all of your files will get you back to a security level comparable with normal shared service. Any user of the machine might be malicious and could attempt privilege escalation at any time, so it is probably futile to wonder if this attacker attempted it too. Have you considered hosting where you get a private VM? AWS has some pretty affordable options. | |
| Feb 17, 2016 at 22:22 | comment | added | Kevin_Kinsey | As far as your site is concerned, all you can do is what you've said, "blow away all files and reupload" ... but you should do 2 things first: 1. Find the hole and close it if possible. Your site's code should be thoroughly examined. However, realize that it may be possible that someone ELSE's site was compromised and you're a victim of THEIR bad luck. 2. DTRT! Contact your hosting svc & inform them! They should take you seriously; after all, since it's a shared machine, > 1 of their customers will be affected. If they don't take you seriously... it IS time to find a new host. | |
| Feb 17, 2016 at 21:53 | comment | added | Scott | Well, this web site is running on a shared server, over which I have no control. I can't ask the hosting company to do a clean OS install. So what are my options? Sounds like it's not sufficient to just blow away all files and directories in my account, then re-upload the site. Do I just need to put the site on a new hosting account? | |
| Feb 17, 2016 at 20:16 | review | First posts | |||
| Feb 17, 2016 at 20:20 | |||||
| Feb 17, 2016 at 20:13 | history | answered | le3th4x0rbot | CC BY-SA 3.0 |