Hacked again (pt.2)

I got back from Cellardyke tonight to discover that my site had been hacked once again. This time I didn’t delete the files they’d dumped on my server; I’ve zipped them and sent them to my webhost for examination.

I’m now wondering if they’ve used a Linux kernel exploit to gain root access to the server. That’s pretty serious stuff, and if that is the case then I do hope my webhost get the kernel patched asap. If it’s not, then I hope they help me get to the root of this problem.

6th Wedding Anniversary

Yesterday was Jane’s and my 6th wedding anniversary. Iron and sugar, seemingly; Mum and Jenni gave us some chocolate raisins.

I spent the morning and early afternoon at a funeral in Selkirk; Jane spent the morning at the vets, and the afternoon at the zoo with friends. In the evening we drove over to Cellardyke (in separate cars) with friends Jonny and Emma and their family, ate fish and chips around the dining table, and watched fireworks over Anstruther.

Six years since we got married, on Sunday 25 July at St Thomas’s, Corstorphine. We’re taking antihistamines this year, seemingly it can get a little itchy.

Hack source found

The nice folks at Pipex emailed me this evening to say that they’d located the source of my website hack, from my website logs. It appears that on 9 July someone exploited a vulnerability in an old version of phpBB (I think it was 2.0.8) that was still residing on my server (albeit not being used).

The phpBB vulnerability allowed someone to upload a file (or files) to my server and execute them. I’ve no idea what they’ve been using them for: DoS attack, spamming, or just a simple site hijack?

I deleted phpBB from my server a couple of weeks ago, but too late! This evening I updated the phpBB forum on the exNYCgb website.

I got hacked!

I’ve just sent an email to my webhost, HostEurope/Pipex, to ask if they can shed any light on how/why my website got hacked. This morning I received this email, written at 19:42 last night:

Check this address – someone has invaded your site
Kathryn
https://www.garethjmsaunders.co.uk/index.html

and sure enough, my website front page had been replaced with a two word plain text file that read “F*ck .uk” (but with no asterisk).

I’ve now replaced the offending/offensive page with my original page and will wait to see if Pipex can shed any light on how or why it was hacked, and what I (or they) can do to prevent this in the future.