Someone this morning was able to successfully add a index.html file and a file called installasi.php. I'm on a dedicated server, my main site i'm talking about is www.ffxionline.com .
The index file contained:
Hacked by Metlek
and some image of war.
and the installasi.php had:
/* (c)AnGGands ON #CIREBONHACKER IRC DAL.NET
0/* RST/GHC http://anggands.biz
/* ANY MODIFIED REPUBLISHING IS RESTRICTED
I have no idea how they were able to access my main ftp to transferr those files, they didn't touch anything except for the added index.
Anyone have an idea how they were able to add thoes files? I have took the measures to disable all my ssh on all 10 accounts i have except my main one, and changed the passwords to all of them to a randomly generated password. the php script detected as a virus on my PC scanner, so I disabled it and downloaded and viewed it with my notepad. It seems like it tries to connect to mysql using password list and brute forcing.
Anyone run into a similar situation? This really ticks me off. but i'm glad they didn't do any damage. What should i be checking for? i checked all the directories and seemd normal for now.