Oh noez, Hackerz!!!!

Published on 06 April 2012

Today I detected that one of my sites was hacked. Some punks got access to one of my webservers, added some files and altered some other files. Lucky me, PHP is forbidden on this webserver and they couldn't do any harm.

But from the start:

I host the website for one of the local sport clubs. The website is static, showing only some pics, contact and legal stuff. Once a year I make a short report on how the website is doing and what I've done. The deadline for the report is next Saturday, so I decided to take a look at the webserver. And what did I find there? A recaptcha.php file:

[Screenshot: a recaptcha.php file in a file browser]

This is funny, 'cause PHP isn't allowed on the server. And hence it won't work... I downloaded the file and promptly my antivirus software alerted me that there is a "PHP/Agent.FA" virus in the file. Now I'm curious.

In the file is a decrypted JavaScript call to a Russian webserver. Good for me, the service provider disabled all *.php files, returning only a message that PHP is disabled. So the JavaScript couldn't be executed even once. But if the hacker got access to the server and could already upload files... maybe he altered some too!

He did. In my index file is a new