Pages hacked


#1

Hey everyone,

I’ve been a Dreamhost customer for about 5 years now, and something terrible just happened for the first time a few weeks ago.

What happened was, someone hacked into my sites using xss or some similar technique, and added some malware to the bottom of practically EVERY .html and .php page I’ve got hosted here. I don’t know how they did it, but I suspect they somehow got thru the server itself.

Is there anything I can do to keep this $%&#@!! from doing it again in the future? I’d like to hear from a mod also on this. It’s cost me hours’ worth of work to clean things up.

Thanks a lot.


#2

Change all of your passwords and go back to your backups. Make sure your FTP User (in the panel) has the extra security setting turned on.

Since we don’t know what software you’re running, that’s about all we can offer. If you are running some sort of package, make sure you’re running the latest version with all patches.

-Scott


#3

Remove everything from the server. Delete your databases. Then start going through each file one by one and removing any bad code before uploading again. Also reinstall any program that uses DB and restore data from there.