Re: FN-FORUM: Hacked homepage

date posted 18th March 2008 10:11

>> Are you running any well-known software, such as for forums, photo
>> galleries, CMS, etc. that hasn't been kept up-to-date with security
>> fixes? Is the server's OS up-to-date with security fixes?
>
> Well, we're running WordPress, but it's not connected to the homepage.

It doesn't have to be connected to the homepage, it just needs to have a
vulnerability and be accessible from the internet: Script kiddies will be
happily requesting the usual URLs for such software, just to see if
there's an old installation left lying around. You'll probably see lots of
such requests in your "page not found" logs...

Two broad possibilities:
1) You've been cracked via a vulnerability in software installed on your
site.
2) The shared server has been cracked with a rootkit, via a vulnerability
in software installed on any site on the server.

The latter is much more serious for Fasthosts, and no amount of password
changing will help. The former is probably more likely, and much easier to
fix by upgrading the software or removing it if it's not used.

HTH,

Anthony
--
www.fonant.com - Quality web sites