Hacked!

Server got hacked!

I hate hackers who have nothing better to do than to make your life hell. Friday sucked. All day, the server was down, and we were facing losing TONS of data, email, etc. Finally, CI Host re-imaged the server and copied over our data. At first, they wanted to just give me the server back, like a clean slate, and keep my original data on a slave drive. Something like: “Your server’s back up, good luck.”

This morning, I think I found one way the server got hacked. In a certain directory, someone installed PHPSHell by Macker. This shell allows you to run commands at the server level. This could be very detrimental, depending on what rights the user (webserver) running the commands had. I’m hoping that the exploit has been corrected. PHEW!