Gossamer Forum
Home : Products : Links 2.0 : Discussions :

Links 2.0 hacked

Quote Reply
Links 2.0 hacked
I am not sure what happened since my host (very serious one) said that no one but me logged in on ftp or ssh. They said it might be a problem with the script or somebody who knows my pass but I am sure nobody knows my loging/pass, so...
All my template files were modified on Jan 28 2005 and a nasty autoinstaller code was placed. Nothing else was modified, only the html templates and they went live when I updated my directory (well, 10 hours ago). Imagine what a surprise...

Some updates/security checks on Links 2.0 could have some use, since I paid for my license...
Quote Reply
Re: [raduka] Links 2.0 hacked In reply to
The only way someone can get in, is;

1) Your password has been compramised for SSH/FTP
2) Your Links 2 admin panel isn't password protected.
3) Your Links 2 admin panel has been compramised, and someone knows your login details
4) You have something on your site, which has allowed someone to "cat" your .htpasswd file (mainly formmail scripts).
5) I believe there is a server virus, which targets a selections of sites (Links2 installations being one of them). It edits all your pages, and puts something like "owned by the xxx virus!!!"

Hopefully one of those will help you :)


Andy (mod)
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Links 2.0 hacked In reply to
Thanks for the reply. However:

1. No one but me logged in with FTP or SSH.
2. Admin Panel is protected.
3. That could be possible, but there were lot more to gain if he changed all my already built pages (my affiliate links), and not stick to only modify the templates (which were not live because the site was redesigned in that period)
4. I am talking with my host to search for this kind of software
5. I read about that worm, its not my case. I think its a new vulnerability (of course I admit someone can guess my login info which eliminates the posibility of a security bug)