SuperBaby

Well-Known Member
Nov 27, 2003
345
1
166
Thailand
cPanel Access Level
Website Owner
Twitter
Recently there is a hacker who managed to exploit my website through a loophole in my PHP script. He keeps on blackmailing me for money. I banned his IPs but he kept changing his IP.

I have done:

chmod -R ugo-x /tmp (making /tmp unexecutable)
chmod o-x /usr/bin/wget (restricting wget)

What else can I do?

--------------------------------------

After I did this:

chmod -R ugo-x /tmp (making /tmp unexecutable)

Some of my scripts failed to run properly. I had to reset it back to the previous setting. But I do not know what the original setting is.

Currently I set it to 777. Is that OK?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
/tmp must be set to 1777 to work.

The solution to the problem is to remove (or update) the script that they're exploiting - you'll have to do some trawling through your domlogs.
 

rhenderson

Well-Known Member
Apr 21, 2005
784
2
168
Oklahoma
cPanel Access Level
Root Administrator
Recently there is a hacker who managed to exploit my website through a loophole in my PHP script. He keeps on blackmailing me for money. I banned his IPs but he kept changing his IP.
Blackmailing for money? Is it someone from a foreign country? Many many years ago way before the Internet was popular I ran a BBS system which someone tried to hack into, I called the police, they traced it (Back then it was traced by telephone traps) and it was a 13-year old from another city in our same state. I opted not to file charges after a sit down between the police and him. I am sure the FBI or your State Police would be interested in someone trying to blackmail over the Internet, pretty serious stuff.

I am sure some people would think nothing would ever happen and the police would not listen but remember the squeeky wheel gets the grease