Site Issue Notes
I can’t figure out how exactly the malicious scripts are getting into my sites, but I have an inkling that some files had wrong permissions set, so I’ve set all folders chmod 755 and all files chmod 644, on all three domains, JUST in case. I’ve noticed they will plant new .htaccess files and files with php extensions called: date, include, base, system, contacts, layout, guest, messages, properties, report, commands, package, remove, options, time, and a few others. They are in various folders and I found a large .data folder which contained a huge source of the problem, but I’ve already deleted it before documenting it.
So far they’ve messed up custom templates on two Invisionboard forums, which I think both had improper permissions, because they didn’t touch the default templates. But when the custom templates are uploaded, they are apparently put as owned by ‘nobody’ instead of the main user so I was unable to change their permissions, I had to get my host to do it.
This script also seems to remove footer files and create porn pop-ups on various links.
I’ve come to realize the pain of going through every single file you have on 3 full functional and rather detailed domains. But the chmoding of the files and deletion of the scripts -does- work to resolve the issues.
Entry viewed times. Posted in Webdev
2 Responses to “Site Issue Notes”
December 2nd, 2005 at 4:27 pm
When I change the permissions on my WP folder the whole darn thing stops working. I’m not quite sure how to fix it.
Btw, I emailed you about the coffee thing. I’m not mad at you! I hope I didn’t give that impression, I think youre the best and you seriously should give the recipe a try.
December 2nd, 2005 at 4:50 pm
I haven’t messed with my journal here yet. This was for another domain of mine. If I can figure out a way to better secure WP (if they don’t do it first), then I’ll email you.
Don’t worry about the recipe thing. I thought I’d share it, but I didn’t remember where I got it. So I just removed it.