strange bug or hacking ? directory renamed


manutoo
7-6-07, 02:47 AM
Hello,

a very strange thing happened on my account yesterday...
The directory for my download files had been renamed from "Files" to "Files1".
Moreover, as most files were not accessible, it seems that it was still possible for some people to access 1 file in "Files1" still by using "/Files/[Filename]" (maybe due to proxy caching ?).
I looked at my download logs, the trouble likely started around Thursday 05th of July 2007 01:18:52 PM.
I renamed the directory 3 hours later. This morning, everything seems to be alright...

Did anyone already notice something similar happening ?

IanS
7-6-07, 02:52 AM
Just to be on the side of safety (for us all) change passwords on all accounts connected with Powweb (even e-mail). Check that all software has the latest patches and is as up-to-date as the latest stable version.

Neat Pete
7-6-07, 05:44 AM
Here we go again. It's been three weeks of wacky events, script files being altered, directories being renamed, file permissions being altered, html pages containing links to trojan sites, log files disappearing....... It's alarming to see each of these instances being discussed in isolation, as though each was some sort of computer glitch.

Read the article below, it's mainly about PHP and Apache, and it's about a very big hosting company, but not PowWeb. But surely hosting companies worldwide are under attack.

http://www.linuxworld.com.au/index.php?id=304319926&eid=-10

The implication is that the weaknesses are in PHP and MySQL, and in those big applications written in PHP. Not the small stuff written by the customers.

If customer passwords really are a problem, then we need a regime to make everyone change their password every six weeks, just like I have at work. And we need a utility to reject easy passwords and prevent reuse of previous passwords (like people who rotate around summer, autumn, winter and spring - obvious and stupid).

But also we need an assurance that all software offered for installation by PowWeb is up-to-date and fully patched. If this problem is to be fixed, it will cost ongoing time and money, and perhaps us forum members should concede that PowWeb is too cheap.

IanS
7-6-07, 06:15 AM
I don't know if the passwords are compromised or not, but if a site has had unusual activity it is prudent to change them in any case.

Neat Pete
7-6-07, 06:29 AM
If a hacker is logged on to your account, and sits there on broadband, logged on permanently, does you changing your password affect him at all???

IanS
7-6-07, 06:47 AM
Probably not - but there again are they likely to be sitting on an account permanently logged on?

Unless your site is specifically targeted for its content (most here don't seem to be) then changing passwords would be of help. In the rare (in the experience of Powweb customers here on Powweb servers) example you quote what would help once the password is compromised?

I agree with you about the software provided in Instant Install should be the latest fully patched version - or we all suffer.

I also agree with the forced rotation of strong passwords. Password history (the system used here) can be circumvented if the number in the history list is too short. We also need to be forced into strong passwords - maybe with a utility indicating the 'strength' of the password. I've seen one somewhere I signed-up at - it graded the password and if it wasn't strong enough rejected it. (Was that on Powweb already?)
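[Added example, not part of any post in this thread and not PowWeb's code: a sketch of the password utility discussed above, showing why a history list shorter than the user's rotation does not stop reuse. The class name, rule thresholds, word list and sample passwords are all assumptions made for the illustration.]

```python
import hashlib
import hmac
import os
from collections import deque

ITERATIONS = 100_000
COMMON_WORDS = {"password", "letmein", "qwerty", "summer", "autumn", "winter", "spring"}
# Constructed sample: four passwords that each pass the strength rules below.
SEASONS = ["Blue-Summer-07x", "Blue-Autumn-07x", "Blue-Winter-07x", "Blue-Spring-07x"]

def _digest(password, salt):
    # History stores salted PBKDF2 digests, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordPolicy:  # hypothetical name
    def __init__(self, history_depth, min_length=10):
        self.min_length = min_length
        self.history = deque(maxlen=history_depth)  # (salt, digest); oldest is dropped

    def weakness(self, password):
        """Return the reason a password is rejected, or None if it is acceptable."""
        if len(password) < self.min_length:
            return "too short"
        tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
        if sum(any(t(c) for c in password) for t in tests) < 3:
            return "needs 3 of: lower, upper, digit, symbol"
        # "Summer2007!" is still just "summer" once digits and symbols are stripped.
        if "".join(c for c in password.lower() if c.isalpha()) in COMMON_WORDS:
            return "common word with decoration"
        for salt, digest in self.history:
            if hmac.compare_digest(_digest(password, salt), digest):
                return "reused"
        return None

    def change(self, password):
        reason = self.weakness(password)
        if reason is None:  # remember only passwords that were accepted
            salt = os.urandom(16)
            self.history.append((salt, _digest(password, salt)))
        return reason

def rotate(policy, passwords, rounds=2):
    """Cycle through the same passwords `rounds` times; return each outcome."""
    return [policy.change(p) for _ in range(rounds) for p in passwords]

if __name__ == "__main__":
    for depth in (3, 4):
        print(depth, rotate(PasswordPolicy(depth), SEASONS))
```

With a history of 3 the second pass through the four passwords is accepted every time; with a history of 4 every one of them is rejected as reused.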

Neat Pete
7-6-07, 08:13 AM
It's not right to suppose what hackers might do - out there anything can happen, and it seems that it does.

If I were a hacker, I would stay logged on, in case they changed their password. After all, changing the password is the correct / normal thing to do. On the other hand, if I had had enough fun, I would finish by changing your password.

I agree that it's not the content here people are after, just the annoyance. But each server has hundreds of web sites on it. Chaos if a server is compromised. PowWeb need a page where they tell us the patched versions of everything, and I think we will have to endure stricter passwords. As per all the spam out there, there is always the old joke where the man typed "penis" as his password and the machine said "not long enough".

IanS
7-6-07, 08:35 AM
Both under old Powweb and New Powweb I can't remember any (not to say there weren't any though) cases where the server globally was made available via a hole - although we wouldn't have been told anyway.

Agreed, fully patched and easy upgrading and patching is needed if Install Central installations are to continue.....

YvetteKuhns
7-6-07, 09:35 AM
If I were a hacker, I would stay logged on, in case they changed their password. After all, changing the password is the correct / normal thing to do. On the other hand, if I had had enough fun, I would finish by changing your password.


I shouldn't say this in public, but hackers don't care if you change your password. They got access before and they can do it again. Changing your password protects from people like my husband who is not computer savvy. My son changed the login on one of our computers when he was five years old and my husband couldn't log into the computer!

The scripts and what is accessible on the Internet, especially Google, is extremely convenient to the casual hacker. You must protect admin scripts, remove installation scripts, hide login info and web stats and remove php errors from being displayed on the web page and stored in search engine cache! File paths and usernames can be found on searches.

Hackers look for common open source scripts to exploit. Even updated scripts can be exploited. Put an index in each directory, so people cannot view all items in your directories.

http://www.linuxworld.com.au/index.p...319926&eid=-10

The article is very limited. I can tell you that Microsoft is MUCH easier to exploit, because most people have to jump through hoops to secure it. It takes time for changes to be seen and in that time, something can happen. The scripts and how information is stored or hidden is more important than the platform.

I agree that it's not the content here people are after, just the annoyance

Sometimes. I know someone who stole credit card numbers and sold them. He got 20 years in jail and a big fine after he got caught. Do not assume that hackers are doing it just for a power trip. Some people take over websites and demand money to fix them. I hope the abusive hackers rot.

There are ethical hackers who will test scripts and report exploits to improve scripts and security. The "white hats" will give advice on how to protect your scripts and information.

The "black hats" are the people who exploit sites to harm others and gratify themselves. Do NOT post their names! Do NOT give them the glory and recognition they seek! They do not deserve a reward for bad deeds.
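
[Added example, not part of any post in this thread: a small audit of a web root for the items raised above (directories without an index file, leftover installation scripts, PHP errors being displayed) plus the altered file permissions mentioned earlier in the thread. The function name, the issue labels and the "install"/"setup" file-name prefixes are assumptions; `display_errors` and `php_flag` are the real PHP and Apache mod_php directives.]

```python
import os
import re
import stat
import sys

INDEX_NAMES = {"index.html", "index.htm", "index.php"}
INSTALL_PREFIXES = ("install", "setup")  # assumed naming of leftover installers
PHP_CONFIG_FILES = {".htaccess", "php.ini", ".user.ini"}
# Matches "display_errors = On" (php.ini) and "php_flag display_errors on" (.htaccess);
# commented-out lines do not match because the directive must start the line.
DISPLAY_ERRORS_ON = re.compile(
    r"^\s*(php_flag\s+)?display_errors\s*=?\s*(on|1)\b", re.I | re.M)

def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for a web root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Without an index file the server may list the directory contents.
        if not {f.lower() for f in filenames} & INDEX_NAMES:
            findings.append(("no-index", rel_dir))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            low = name.lower()
            if low.startswith(INSTALL_PREFIXES) and low.endswith(".php"):
                findings.append(("install-leftover", rel))
            # Any other account on a shared server can modify this file.
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if low in PHP_CONFIG_FILES:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if DISPLAY_ERRORS_ON.search(fh.read()):
                        findings.append(("display-errors-on", rel))
    return sorted(findings)

if __name__ == "__main__":
    for issue, rel in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{issue:18} {rel}")
```

Running it from a scheduled job and comparing the output with the previous run also shows when a directory or permission has changed without the owner doing it.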