|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 96
Members: 0
Total: 96
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help, how is this person doing this? |
|
Posted: Wed Nov 05, 2008 5:46 am |
|
|
Cablekid |
Advanced user |
|
|
Joined: Jul 14, 2007 |
Posts: 85 |
|
|
|
|
|
|
|
Hey! My buddy owns a site, and now some dude on aim messaged him and was saying to pay him for security updates, of course he said no because everything is updated and their is no exploits out the only thing he has is the latest word press.
Its on a dedicated host, and the guy then created a folder on the server somehow.
Any idea how i cna try to reattempt this or some how figure out how he did it?
Don't really wanna pay 20grand to this stalker dude. lol |
|
|
|
|
Posted: Wed Nov 05, 2008 6:34 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Look at the logs.
Change every pass on this server(admin,root,ftp,ssh, ...etc). |
|
|
|
|
Posted: Wed Nov 05, 2008 9:29 am |
|
|
mge |
Valuable expert |
|
|
Joined: Jul 16, 2008 |
Posts: 142 |
|
|
|
|
|
|
|
it's also not only important to just keep your wordpress up to date but every script and application that's running on the server. it might be possible that for example he managed to get in through an old forum script or an ftp server bug and that's how he was able to create that folder. |
|
|
|
|
Posted: Wed Nov 05, 2008 1:26 pm |
|
|
lenny |
Valuable expert |
|
|
Joined: May 15, 2008 |
Posts: 275 |
|
|
|
|
|
|
|
Could the "stalker" have physical access to the machine? If you really get worried you could ask for a data-center transfer... That would probably cost a bit though, but certainly not 20 grand. |
|
|
|
|
Posted: Wed Nov 05, 2008 6:13 pm |
|
|
Cablekid |
Advanced user |
|
|
Joined: Jul 14, 2007 |
Posts: 85 |
|
|
|
|
|
|
|
Hmmm, I doubt he has physical access to the server.
I used this http://www.t1shopper.com/tools/port-scanner/
I found out these ports where open.
port 21 (ftp)
port 25 (smtp)
port 80 (http)
port 110 (pop3)
port 3306 (mysql) |
|
|
|
|
Posted: Fri Nov 07, 2008 7:06 am |
|
|
gyan007 |
Advanced user |
|
|
Joined: Oct 17, 2008 |
Posts: 106 |
|
|
|
|
|
|
|
Cablekid wrote: | Hmmm, I doubt he has physical access to the server.
I used this http://www.t1shopper.com/tools/port-scanner/
I found out these ports where open.
port 21 (ftp)
port 25 (smtp)
port 80 (http)
port 110 (pop3)
port 3306 (mysql) |
Definately change your ftp password a.s.a.p. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|