hackers writting files to server
II6
PHP 5
MySQL 4.1
In the last couple weeks I have had a flood of hackers hit my sites and write files to many of my sites root folders.
I have had this happen in the past once or twice as well, but It has been pretty harmless.
What usualy happens is they write a index.htm or index.html if one doesn't exist, they never overwrite any files so maybe they can't. These files are almost never loaded because index.php has greater priority and almost all my sites use index.php.
I also get other html files written that are all just like hacker sigs I guess you call them. Here is an example: http://www.canadaka.net/hacks/aniden.htm
How is this being done? and how can I stop it?
I host around 40 sites and in the last month I have found these hacker sigs in every sites root folder, so it seems like its automated somehow, I can't imagine someone doing that one by one, by hand.
Write permisions are only set on a couple upload folders with the I_USER account, but the hackers can write files anywhere it seems. But they can't or don't overrite or delete files. I have had one part of my site deleted, but that hack was contained to that part of the site, the my_eGallery, has some security issues, that allowed a hacker to completely delete all the pictures in the gallery. I have applied security updates to the script, but I still don't think its secure.
