got Phishing files uploaed to my site by hacker and hosting company wont delete

Discussion in 'Hosting' started by tom182, Jan 28, 2014.

  1. tom182

    tom182 New Member

    Hi,
    this seems odd, on Sat morning i got email from google and phishlabs.com saying that "A phishing site was found to be operating on your network"
    I had a look in folder and yes there were php files uploaded to a folder "uploads" on my site, 'Uploads' was originally created by myself for catching online submit files (work related stuff)
    I immediately got onto hosting company, tech guy on email support said he'd elevate it to engineer, that was Saturday, checked today and files still there, i rang them and they said that they hadn't removed as they prefer to keep these dodgy php files there but make them 'inactive' and that hacker would most likely upload again. I would had thought that if I make folder "non writable" or delete it (i believe it was set to 777 ) then i should be OK,

    Does the Hosting company's stance on this make sense, I would have thought cleaning out would be the first thing to do - followed by checking folder permissions
    thanks
     
  2. mneylon

    mneylon Administrator Staff Member

    I've no idea which hosting provider you're dealing with, but we would often change the permissions on these kind of files so that they're disabled. We can then examine them to see what they're doing (or trying to do) and see if it's a new attack vector.
    As a user you wouldn't have the level of access to set the permissions low enough ie. 000 - which is what we'd often do with folders / files
     
  3. writie

    writie New Member

    I have occasionally come across things hosted on the server purely by accident. In addition to tightening password security and the like, I occasionally use FTP to see if I come across anything unusual. It's a lo-fi approach only to be used as a third line of defence.

    M
     
  4. writie

    writie New Member

    I have occasionally come across things hosted on the server purely by accident. In addition to tightening password security and the like, I occasionally use FTP to see if I come across anything unusual. It's a lo-fi approach only to be used as a third line of defence.

    M
     
  5. mneylon

    mneylon Administrator Staff Member

    If you're using a CMS / blog there are 3rd party plugins you can use that will run scans / checks to make sure that files haven't changed etc.,
    You can also look at some of the 3rd party scanning services ie. run a quick (free) scan to see if there's anything odd showing up
     

Share This Page