Server exploited

[SuperBaby]

Recently there is a hacker who managed to exploit my website through a loophole in my PHP script. He keeps on blackmailing me for money. I banned his IPs but he kept changing his IP.

I have done:

chmod -R ugo-x /tmp (making /tmp unexecutable)
chmod o-x /usr/bin/wget (restricting wget)

What else can I do?

--------------------------------------

After I did this:

chmod -R ugo-x /tmp (making /tmp unexecutable)

Some of my scripts failed to run properly. I had to reset it back to the previous setting. But I do not know what the original setting is.

Currently I set it to 777. Is that OK?

 

[chirpy]

/tmp must be set to 1777 to work.

The solution to the problem is to remove (or update) the script that they're exploiting - you'll have to do some trawling through your domlogs.

 

[rhenderson]

Recently there is a hacker who managed to exploit my website through a loophole in my PHP script. He keeps on blackmailing me for money. I banned his IPs but he kept changing his IP.

Blackmailing for money? Is it someone from a foreign country? Many many years ago way before the Internet was popular I ran a BBS system which someone tried to hack into, I called the police, they traced it (Back then it was traced by telephone traps) and it was a 13-year old from another city in our same state. I opted not to file charges after a sit down between the police and him. I am sure the FBI or your State Police would be interested in someone trying to blackmail over the Internet, pretty serious stuff.

I am sure some people would think nothing would ever happen and the police would not listen but remember the squeeky wheel gets the grease

 

[mOdY]

Hello,

Sounds like you should start crawling google for servers security how-to's! start with this which might help in your /tmp case http://www.eth0.us/tmp