One of my friends' websites has been hacked. He runs his website on a Linux server.
The hacker has managed to overwrite his index.html file only, leaving other files intact. His password consists of 25 characters with alphanumerics and symbols, so it's not possible to crack his password, hypothetically. Even if it was, the hacker would have deleted all his files or could have done more damage to his account.
So, I was wondering if any of you have any idea on:
1) How did the hacker replace the index file without knowing the password?
2) What measures can my friend take so that this does not happen in future?
Many thanks in advance.
What apps are installed on the server and is each app up to date with whatever version is the current stable version for each app?
Yes, they are all up to date.
This sort of attack has been discussed many times before on this forum, so I'll not reiterate possible causes and cures, but would mention that FTP is nowadays a common point of entry via Gumblar variant viruses/trojans - brute forcing isn't a factor.
Looks like the site is using the good ol' FrontPage Server Extension, as I have seen tons of similar defacements from these guys on these types of sites/servers. If this is the case, you people are begging for a deface...
What's the most secure FTP to help combat this?
Originally Posted by EastCoast
You should use SCP/SFTP. FTPS is an option too, but due to the nature of the FTP protocol it is difficult to set up (at least in active mode); that is why SCP/SFTP is more commonly used.
What if you just got a VPN router?
Would that help make things more secure?
It depends. If you can VPN to the server, then you do not really need a VPN router for that. A VPN router is more useful if you must have a permanent secure connection to the remote server for it to be accessible just like any computer on the LAN, not only through FTP but possibly Xwindows, RPC etc.
Traffic from your computer to the VPN router would still be unencrypted - so anyone in your subnet could potentially eavesdrop. Only the portion between VPN routers (or router and server - that really depends on the type of VPN you are going to use) would be protected.
My computer is about 3 feet from my VPN router so if I see anybody in my office trying to hack the connection...I'll shoot 'em :D
Originally Posted by Aleksejs
I'm in Texas, so this would be perfectly legal...