I will really appreciate all the help I can get. This is the second time my site will be hacked in two months. Though this is not as extensive, it is beginning to stress me out.
Someone inserted a url into my site that leads to a phishing page. Because I had the abuse report plug in installed, one of my users was able to flag the page before it was fully constructed, thus drawing my attention to it. I have blocked that users IP from my cp and several other suspicious looking IPs.
Please I need advice on how to locate and remove the url. It is 'mysite.com/awayto/... (a long string of numbers, letters and symbols). Also how do I prevent a similar occurence in the future.
By the way my host says Oxwall has too many 777 permissions and that I should consider changing them all to 755 or stricter, but I don't know which ones to change. Also that I should consider password locking my directories, but again I don't know the first thing about that.
Please guys any ideas will help right now.
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
I need help with Phishing attacks on my Site | Forum
Team Taissa
Jun 30 '15
Ken, first of all have a look at these topics:
http://www.oxwall.org/forum/topic/29900 ,
http://www.oxwall.org/forum/topic/29922 ,
http://www.oxwall.org/forum/topic/17696
If you has a problem with /awayto/... then this is because of the third party Hide External Links plugin, deactivate it.
Here is the topic with information about permissions: http://www.oxwall.org/forum/topic/14334
If you has a problem with /awayto/... then this is because of the third party Hide External Links plugin, deactivate it.
Here is the topic with information about permissions: http://www.oxwall.org/forum/topic/14334
Ken
Jun 30 '15
Taissa, thanks for your response. I actually did a search of the forums
before posting. The topics you pointed out do not directly apply to my
situation. The hacker must have embedded their pages somehow into the
website, and this has nothing to do with a plug-in. It's just I can't
seem to find how to remove the urls that lead to their pages.
Also, I have read the write-up by Dave, and I wonder if having so many 777 permissions does not render the site even more vulnerable to hackers. My site is fast losing reputation and short off taking it down I'm not sure how to deal with this problem. I don't mind paying for expert help with securing the site.
Also, I have read the write-up by Dave, and I wonder if having so many 777 permissions does not render the site even more vulnerable to hackers. My site is fast losing reputation and short off taking it down I'm not sure how to deal with this problem. I don't mind paying for expert help with securing the site.
