[members at lugog] OT - but need advice - my web site has had phishing pages added

[Graham Smith]

Sean,

Thanks, but I don't have another server to move it to, at least not 
immediately, as I would need to sort out a new provider.

I think you may have misunderstand my "idiot user software comment. I 
don't mean server software, just that I used RapidWeaver to create and 
upload the web site, or do I misunderstand.

I was hoping that purplepaw would have taken on board the security checking.

I could delete everything in the public_html/www directories, its only 
three pages of a web site, so no massive deal.

Graham

On 17/08/10 20:33, Sean Miller wrote:
> You want to find out if your server has actually been compromised...
> it is possible that the script has installed backdoors so that
> whatever password you now set they will still be able to get in.
>
> The best advice, I think, if you're not au fait with server security
> etc. is that you move your website to another server ASAP, making sure
> when you do that there are no scripts left within your own document

> root (ie. /public_html or /www etc.)...
>
> Then look at what you've got installed on that site and how the people
> might have got in.  Because there may be a vulnerability in the
> scripting -- sadly "idiot user software" is often used across the
> globe by huge numbers of people, hence it is a very attractive target
> for hackers to find ways into... more bespoke sites aren't so
> lucrative because hacking into one site is "cool!" but finding a way
> to hack into 20,000 is "cooler!" ;-o
>
> Sean

-- 
--
Graham M Smith
graham.smith at myotis.co.uk

Station Cottage, Station Road
Binegar, Somerset
BA3 4UQ