HELP !!!! Website hacked by Viagara and medicine links

[DennisTG]

if its the same issue to why servage and others has been hacked..
/slap on you..
the spam that has happened past 3 weeks has been due to kernels not beeing updated (for one..).
Start making sure you updated the kernel and all other scripts that is running.
Especially all those "one click install" scripts that come with things such as fantastico.

make the propper updates, install mod_security, thighten your apache+php install.

install firewall and other kinds of protection while your at it if you havent already.
Good luck.

[Kent Brockman]

I wonder if host2host have been able to solve this problem

[bls24]

the spam that has happened past 3 weeks has been due to kernels not beeing updated (for one..).

How often are Kernels released (on average)?
And where do you see if you have the latest version? I know what version I have, but whereabouts on the CentOs site are they located to see if your version matches the latest one?

[markfrompf]

You should probably also firewall out the IP range since you found it in your logs - Then when you're all secured, unfirewall it and see if he gets back in.

Also, this one hit us a month or so ago: C99MadShell

[iFAdam]

Register_Globals = OFF

This will thwart a heap of attacks, and make sure you have a .htaccess file in place to prevent some malicious types of URL calls.

[AndyReed]

Also, this one hit us a month or so ago: C99MadShell

c99Shell and r57shell scripts have been around for more than two years. There are many phishing scripts out there, C99shell.php, for example, is one of'em which provides a shell-like prompt to let you execute commands interactively.

The Php Shell is a Php based script. With this script a hacker can execute arbitrary shell commands or browse the file system on a remote web server. Hackers can also use such a script for transferring a malicious site as a compressed file, unpack and then run it on a Web server. Unless you have a script to scan the content of files hosted on your Web server otherwise hackers can disguise the r57shell or c99shell as an image or html file. We've seen and cleaned up these shellscripts on many servers.