Hi
I'm concerned about something.
One of my users has a site on his ibay, and for some reason the index file keeps getting changed or corrupted.
I'm thinking it got hacked or something.
The index file he is using is a flash and java template, so no php stuff should be in there, however an index file gets written and I see stuff in the index file like php and smarty 2.14 php etc.
I did a google search and smarty is some sort of template engine thing. I know he is not using that to build his website.
Here are some things in the logs I'm concerned about;
Jul 1 09:56:16 auction proftpd[14560]: auction.foolishlys.com (66.249.72.49[66.249.72.49]) - ANON cyber86erxspaces: Login successful.
Google is telling me some stuff here that I don't understand:
http://www.robtex.com/ip/66.249.72.49.htmlAnother entry here:
Jun 9 05:51:24 auction proftpd[5593]: auction.foolishlys.com (66.249.65.130[66.249.65.130]) - ANON cyber86erspaces: Login successful.
I used the ibay name as an example, cyber86erspaces is not the real ibay name, just fyi,
Anyhow what other logs should I check to see if it's been hacked. And how to tell when the index.html file was changed uploaded then changed etc.
Is there a log for checking the individual file status ? or something ?
Please advise thanks
Next question is how to stop this if it's been hacked ?
4 Replies
1422 Views