Not only the index file was modified, but some file has been uploaded to the server: http://elt.edu.kh/1.gif I just can success you to look the server logs and find when and how the file 1.gif has been uploaded to the server. On 10 July 2010 19:54, Sovichea SOU <svch_sou@xxxxxxxxxxx> wrote: > Here it is: elt.edu.kh > I rename hacked file to http://elt.edu.kh/index_old.htm > > Thanks. > > > > On Sun, Jul 11, 2010 at 12:50 AM, Davide Baglieri <davidonzo@xxxxxxxxx>wrote: > >> >> >> Can you link us the hacked website? >> There is any public upload form? >> >> Maybe someone upload a C99 shell. >> >> >> On 10 July 2010 19:36, Sovichea SOU <svch_sou@xxxxxxxxxxx<svch_sou%40yahoo.co.uk>> >> wrote: >> > Thanks for your fast reply. >> > >> > They are: >> > >> > 1. http://www.dynamicdrive.com/dynamicindex14/leftrightslide.htm >> > 2. http://www.dynamicdrive.com/dynamicindex4/lightbox2/index.htm >> > 3. phpmailer >> > 4. phpmaker 7 >> >> > >> > >> > Vichea >> > >> > On Sun, Jul 11, 2010 at 12:29 AM, <gordon.leonard@xxxxxxxxxxxxxx<gordon.leonard%40btinternet.com>> >> wrote: >> > >> >> >> >> >> >> have you got any installed 3rd party software like a gallery or >> >> messageboard? >> >> >> >> ________________________________ >> >> From: Sovichea SOU <svch_sou@xxxxxxxxxxx <svch_sou%40yahoo.co.uk><svch_sou% >> 40yahoo.co.uk>> >> >> To: php-objects@xxxxxxxxxxxxxxx <php-objects%40yahoogroups.com><php-objects% >> 40yahoogroups.com> >> >> >> Sent: Saturday, 10 July, 2010 18:24:25 >> >> Subject: My website had been hacked many times. >> >> >> >> >> >> Hello, >> >> >> >> One of my website has been hacked many times. >> >> The index.php was modified and it was low permission as well. >> >> >> >> I used to change hosting control panel and ftp password, but nothing >> good >> >> happen. >> >> I cannot explain you more than this. >> >> >> >> Please advice. >> >> >> >> Regards, >> >> >> >> Vichea >> >> >> >> [Non-text portions of this message have been removed] >> >> >> >> [Non-text portions of this message have been removed] >> >> >> >> >> >> >> > >> > >> > [Non-text portions of this message have been removed] >> > >> > >> > >> > ------------------------------------ >> >> > >> > Are you looking for a PHP job? >> > Join the PHP Professionals directory Now! >> > http://www.phpclasses.org/jobs/ >> > Yahoo! Groups Links >> > >> > >> > >> > >> >> Reply to sender<baglieri.davide@xxxxxxxxx?subject=Re:+%5Bphp-objects%5D+My+website+had+been+hacked+many+times.>| Reply >> to group<php-objects@xxxxxxxxxxxxxxx?subject=Re:+%5Bphp-objects%5D+My+website+had+been+hacked+many+times.>| Reply >> via web post<http://groups.yahoo.com/group/php-objects/post;_ylc=X3oDMTJwZGhlN3UyBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BG1zZ0lkAzk5MjEEc2VjA2Z0cgRzbGsDcnBseQRzdGltZQMxMjc4Nzg0Mjcw?act=reply&messageNum=9921>| Start >> a New Topic<http://groups.yahoo.com/group/php-objects/post;_ylc=X3oDMTJlMTdqaHRpBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA250cGMEc3RpbWUDMTI3ODc4NDI3MA--> >> Messages in this topic<http://groups.yahoo.com/group/php-objects/message/9918;_ylc=X3oDMTM0bW1udHBuBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BG1zZ0lkAzk5MjEEc2VjA2Z0cgRzbGsDdnRwYwRzdGltZQMxMjc4Nzg0MjcwBHRwY0lkAzk5MTg->( >> 4) >> Recent Activity: >> >> - New Members<http://groups.yahoo.com/group/php-objects/members;_ylc=X3oDMTJmMTBuZmk4BF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwN2dGwEc2xrA3ZtYnJzBHN0aW1lAzEyNzg3ODQyNzA-?o=6> >> 13 >> >> Visit Your Group<http://groups.yahoo.com/group/php-objects;_ylc=X3oDMTJlNDkwOTlhBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwN2dGwEc2xrA3ZnaHAEc3RpbWUDMTI3ODc4NDI3MA--> >> Are you looking for a PHP job? >> Join the PHP Professionals directory Now! >> http://www.phpclasses.org/jobs/ >> MARKETPLACE >> >> Stay on top of your group activity without leaving the page you're on - Get >> the Yahoo! Toolbar now.<http://us.ard.yahoo.com/SIG=15obv1910/M=493064.13983314.14041046.13298430/D=groups/S=1705006764:MKP1/Y=YAHOO/EXP=1278791470/L=b99e6b42-8c4b-11df-a129-b70b509ce262/B=1fd1MmKImkk-/J=1278784270906708/K=OeRK1F5IQw3kQxeG1tTKhw/A=6060255/R=0/SIG=1194m4keh/*http://us.toolbar.yahoo.com/?.cpdl=grpj> >> ------------------------------ >> >> Get great advice about dogs and cats. Visit the Dog & Cat Answers Center.<http://us.ard.yahoo.com/SIG=15ogv3267/M=493064.13814537.14041040.10835568/D=groups/S=1705006764:MKP1/Y=YAHOO/EXP=1278791470/L=b99e6b42-8c4b-11df-a129-b70b509ce262/B=1vd1MmKImkk-/J=1278784270906708/K=OeRK1F5IQw3kQxeG1tTKhw/A=6078812/R=0/SIG=114ae4ln1/*http://dogandcatanswers.yahoo.com/> >> ------------------------------ >> >> Get real-time World Cup coverage on the Yahoo! Toolbar. Download now to win >> a signed team jersey!<http://us.ard.yahoo.com/SIG=15og49d5g/M=493064.14012770.13963757.13298430/D=groups/S=1705006764:MKP1/Y=YAHOO/EXP=1278791470/L=b99e6b42-8c4b-11df-a129-b70b509ce262/B=1_d1MmKImkk-/J=1278784270906708/K=OeRK1F5IQw3kQxeG1tTKhw/A=6093983/R=0/*http://us.lrd.yahoo.com/_ylc=X3oDMTFnaW51Y3EyBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMjc3MDUEdG1fbmV0A1lhaG9vIQ--/SIG=1219e5kan/**http%3A//toolbar.yahoo.com/tour%3Ftab=wc%26.intl=us%26.cpdl=wc> >> [image: Yahoo! Groups]<http://groups.yahoo.com/;_ylc=X3oDMTJkdXUwcnVlBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA2dmcARzdGltZQMxMjc4Nzg0Mjcw> >> Switch to: Text-Only<php-objects-traditional@xxxxxxxxxxxxxxx?subject=Change+Delivery+Format:+Traditional>, >> Daily Digest<php-objects-digest@xxxxxxxxxxxxxxx?subject=Email+Delivery:+Digest>• >> Unsubscribe <php-objects-unsubscribe@xxxxxxxxxxxxxxx?subject=Unsubscribe>• Terms >> of Use <http://docs.yahoo.com/info/terms/> >> . >> >> __,_._,_ >> > > > [Non-text portions of this message have been removed] > > > > ------------------------------------ > > Are you looking for a PHP job? > Join the PHP Professionals directory Now! > http://www.phpclasses.org/jobs/ > Yahoo! Groups Links > > > > ------------------------------------ Are you looking for a PHP job? Join the PHP Professionals directory Now! http://www.phpclasses.org/jobs/ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-objects/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/php-objects/join (Yahoo! ID required) <*> To change settings via email: php-objects-digest@xxxxxxxxxxxxxxx php-objects-fullfeatured@xxxxxxxxxxxxxxx <*> To unsubscribe from this group, send an email to: php-objects-unsubscribe@xxxxxxxxxxxxxxx <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
