Server issues? or hacked?


#1

Okay, I’m quite the newbie.

So, new I just got yelled at for posting this in the comments of the “status” page. I was told that’s just for bitching.

Apparently I should post here.

I sure hope someone can help me answer some pretty simple questions. My site, gayspeedway.com is blank, no error messages, nothing just a blank white page. Is this the definition of a “site being down”?

This site was FINE on the 24th, yesterday morning around 9amEST was when i realized the site was blank.

My webpanel says, a few things: my “machine” is gravano. Is this the same thing as a “server”? (It’s not on the list of effected “servers” on the status page.

How do I find out if i’m on Janky or frisky?

I try and reach my site through the “backend” gayspeedway.com/recipes or /blog or whatever and there IS content there.

When I try and “log in” as Administrator, it can’t find ANY of my USER names and passwords.

Webftp shows all the files seem to be there, but I notice that the .htaccess file was modified at 7am on the 24th.

Now I did NOT do this.

I sent in a couple tickets to support, and i notice I don’t get the automatic reply that they’ll “get right on it”.

I want to fix these problems but alas, I’m not sure where the issues are.

ANY thoughts and advice are greatly appreciated.


#2

Look around in the htaccess file since you mentioned its recently modified. When I type that URL with htaccess its showing me what looks like a landing page w/ popup and (eww) images.

Is that supposed to be the default page, or is that someone else’s site entirely? There might be some clues in there (or maybe not).

Anyway, it looks like that file should be CHMOD’d to restrict public access. Then make sure it follows the syntax of a good htaccess rather than trying to display its own landing page…

~
website building website building & dreamhost coupon codes
my obligatory dreamhost coupon


#3

Well, it’s not “down” in the sense that the server is responding to requests. That said, it is is definitely broken. That makes few of the questions that follow “pretty simple”. :wink:

Yes, “gravano” is your server. As for “Janky or frisky”, use the “account status” link at the top, right of your account control panel screen and click the “Account Status” link to see additional information, and look at the “email server” (it may be neither of those).

I see no content at gayspeedway.com/recipes or /blog either.

If you have sent in support tickets, then they will respond to you. We do not send out automated acknowledgment of support submissions, so not receiving one should not be a reason for concern.

–rlparker
–DreamHost Tech Support


#4

If your .htaccess is world writeable then it’s quite possible someone has purposefully changed the information so that the site appears blank, but it might also be due to the script you’re running changing it itself and failing miserably. As independant suggests, ftp into your domain directory and check the permissions on .htaccess

I was the bloke who left you the note on the status page btw. The “@islandog” part isn’t an angry face, it’s an indicator that the comment was specifically for your information (@ you) and not a general moan about the current discussion on the page itself.

Maximum Cash Discount on any plan with MAXCASH


#5

thanks to everybody for the reply.
RLPARKER:
I try and reach my site through the “backend” gayspeedway.com/recipes or /blog or whatever and there IS content there.

I agree, the backend is now broken too, it wasn’t earlier but it is now.

Okay, that said, this is what I know.

The “coder/designer” I hired two weeks ago, and fired on Monday HAD access. I locked him out, by changing the passwords. I didn’t change the users tho’

I suspect he may be culpable anyway.

Last week he was working on a splash page to load JUST before the frontend of a PHPfox site.
you know a little thingy saying click here if you are over 21. Or Exit.

Could he have still gne into the site somehow and hacked into it? It seems one thing he did find out was this:

"Ive also been working on a different bug the last few hours……

I noticed this when I was mucking around with the menu….

Remember how there was something funny going on with the sessions?
Theres a security hole allowing an attacker to log on…"

Apparently, he may very well have used this hole himself?

Any thoughts?

regardless, what would the correct settings on the htaccess file be?

Lastly, If there is ANY way to determine if HE did this the NYS police are very interested in prosecuting.


#6

Apache logs all connections to the server. If he’s a vindictive coder rather than a hacker then chances are reasonably high that he mightn’t have used a proxy and the IP trail will be in plaintext for you to ascertain if he actually is the culprit.

Maximum Cash Discount on any plan with MAXCASH


#7

Well, the first thought that comes to mind is that a “coder/designer” who borks a site while working on it is not necessarily “criminal” in doing that - he/she could just be of questionable competence.

The fact that they were working on a site, and badly broke it in doing so, is a fact of life, and it happens all the time, but it is only “criminal” if it is malicious or is an act of intentional vandalism (you know, like using “blink” or “marquee”, or a gratuitous use of flash, or auto-playing sound from a page, etc :wink: ).

Seriously though, for his/her screwing up your site to be of interest to law enforcement, there needs to be a clear and provable intent to be destructive and absent that being clearly present, the issue is more properly a civil issue where damages might be involved rather that criminal, where someone could go to jail.

Determining what he did is probably more relevant to fixing the issue than it is to the criminality of his actions, and that is where I would focus my effort.

–rlparker
–DreamHost Tech Support