unknown file 663.php in ftp root - ftp

For some reason I have a 663.php file in every folder and subfolder of my httpdoc root in my web server FTP. I don't know where this file came from and my host does not know either.
I would very much appreciate any help.

Depending on its content it could seem like a PHP Shell Backdoor.
An attacker would upload this file to gain access to your files, database etc.
They usually exploit a flaw in your application, to upload files.
Be sure to update all the software you are running.
Someone might have gained access to your site, also change all passwords.

It looks like this has occurred before to other users:
Your site has been hacked. The 663.php file is sending out anonymous
spam. If you host with GoDaddy, this is a common theme as thousands
of accounts share one IP and one person with shell access can get in
and place an htaccess file above the root folder on the server and
autoload the files into every folder in your website and onto every
site within that IP address. Year1Media
Quote from AolAnswers.

Thank you all for your help. After a little search I found out that it was a Plesk security vulnerability. The problem was solved by running a patch in Parallels Plesk. Apart from inserting unknown files it also changed .htaccess to redirect to weird websites.

It is a Plesk problem.
There are correction patches here:
http://kb.parallels.com/en/113321
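
The two symptoms reported in this thread (the same PHP file in every folder, and .htaccess files changed to redirect or auto-load files) can be checked for from a shell. The script below is an added example, not code from any of the posts; the function names, the directive pattern and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only triage of a web root.

# PHP base names that occur in at least MIN directories under ROOT.
# Legitimate names such as index.php can also repeat; review by hand.
repeated_php_names() {
    root=$1; min=${2:-3}
    find "$root" -type f -name '*.php' -print |
        awk -F/ -v min="$min" '{ n[$NF]++ }
            END { for (f in n) if (n[f] >= min) print n[f], f }' |
        sort -rn
}

# .htaccess lines that send visitors to another site or auto-load a PHP file.
suspicious_htaccess() {
    root=$1
    pat='auto_(prepend|append)_file|RewriteRule.*https?://|Redirect(Match)?[[:space:]]'
    # grep exits 1 when nothing matches; that is not an error here.
    find "$root" -type f -name '.htaccess' -exec grep -HnEi "$pat" {} + || true
}

# Constructed fixture (no real data): a small site with a repeated 663.php.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/httpdocs/css" "$d/httpdocs/img/icons"
    for dir in "$d/httpdocs" "$d/httpdocs/css" "$d/httpdocs/img" \
               "$d/httpdocs/img/icons"; do
        echo '<?php /* placeholder body */' > "$dir/663.php"
    done
    echo '<?php echo "home";' > "$d/httpdocs/index.php"
    printf 'RewriteEngine On\nRewriteRule ^(.*)$ http://example.invalid/ [R,L]\n' \
        > "$d/httpdocs/.htaccess"
    echo "$d"
}

# Usage: sh triage.sh /path/to/httpdocs
if [ $# -eq 1 ]; then
    repeated_php_names "$1"
    suspicious_htaccess "$1"
fi
```

Legitimate HTTPS or canonical-host redirects also match the pattern, so every hit needs a manual look. Where the account allows it, point the script at the parent of the web root as well, since the quoted answer describes an .htaccess placed above the root folder.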

Related

SSH Command in my FTP dev folder?

Intro:
I have 2 folders on my FTP, one for my main website and one for the dev website.
Question:
If I run a ssh command into my magentoroot\dev\shell folder, should I worry about consequences on my main website?
thx
Not really. Unless the two sites use the same database.
Please note: in case you need to work on a development website, you need a separate database and file system. If the database is shared, there is a possibility of configuration changes while working in admin or while performing operations and installing new extensions. So, always try to use a different database for the staging and production websites.

Laravel 5.4 Error 500 on all but Front Page

I have a functioning laravel app that I developed locally. I moved it onto a server via ftp (just to show someone for feedback).
I changed the APP_URL in .env to the subdomain pointing to the /public folder. Also changed the database information. Everything else was left exactly as is.
I can access the front page without any problem. Anything else (e.g. /login or an AJAX to any other controller) results in a Server Error 500 that leaves no trace in the server error logs.
When I assign different routes to the / those are also displayed. I can show pages that pull data from the database, so that is not the issue.
Both local development and server run apache on linux.
Any pointers?
Update: Thank you for the suggestions so far. I currently cannot access the server via ssh (not my server). I'm working on getting that set up and will try your solutions as soon as I can.
Thanks everyone.
With a little help from the hosting company we found the problem. All we had to do was to add
RewriteBase /
to the .htaccess automatically created by laravel.
Make sure that your web-server has read and write permissions to the following folders
public
bootstrap/cache
storage
If the web-server does not have these permissions it cannot compile views, store session data, write to log files or store uploaded files.
Set Webserver as owner:
assuming www-data is your webserver user.
sudo chown -R www-data:www-data /path/to/directory
It will not always work if you CHOWN it; in some cases I had to CHGRP to www-data on my Ubuntu VPS as well.
How I'm checking is this:
Domain has to point and if there's an SSL, a padlock in the web browser has to be seen. No matter on your localhost, but Laragon is the quickest to set it up.
Now I know that I see what I should if I can write something in my index.html file inside. If I can't see it, permissions or roles are wrongly set.
Laravel has tons of info online (or google it) on how to set up CHOWN and CHGRP, so, if I'll clone some repo, or unzip it, the first thing now is to set these two up. If these two are rightly done, I can do npm install, composer install - if it's not a shared hosting where I can't do it, but VPS or localhost.
Now you should be able to see Laravel's pages and only public and storage might want different permissions than the rest.
.env file should be created with the right permissions as well; if not, you won't be able to key:generate later, for instance.

Moving CodeIgniter from live to local

Perhaps someone can share their experience or advise on how to get this accomplished.
I have looked around and found only a wiki entry dealing with server migration from host to host.
Here is the setup and things I have tried:
locally I am running win 10 with XAMPP server
hosted on hostgator
Downloaded all files from live site
Did an SQL dump/import onto my local mySQL
Edited ‘exp_sites’ for paths and URLs
Edited ‘config.php’ in system folder
Result:
- cannot log in to the backend ...that is, the form refreshes but there is no redirect. I can tell that the db is being queried since I do get an error back if it is a wrong password.
Has anyone done similar setups/downloads/take-overs of their client’s site?
Ideally, I would just like the access to CP so I can edit the settings/paths of weblogs,uploads etc.
Thanks for your time!
Are you using the CI default password library for password creation? If you are, then these passwords will not work for you because this library generates server-dependent passwords.

Theme not getting copied

I worked on a website and it was hosted on a BigRock server. But the client wants me to transfer it to Just Host. I managed to copy all the stuff, but the theme I installed on the old server is not getting copied to the new Just Host server. Please help me out with this one.
More details maybe, maybe an error message or something?
But: I found it quite common for file permissions to be an issue when using straight copy/paste/move.
When moving anything like a CMS or cart with potential file permission issues, I would compress the lot through cPanel/UI and then move or copy the .zip/.tar; on the new server, unzip through cPanel/UI and the previous permissions are intact too.

Joomla! 2.5.4 Hacked: Having trouble with diagnosis

My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility. (fpa-en.php)
I have followed Joomla's instructions for diagnosis with no success. (See below) I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is what do I do next?
Here is the info that I have so far.
Using Joomla 2.54 (the latest). All extensions were updated to the most recent release, and none are on the Joomla vulnerable extensions list.
Passwords of other administrators were changed but not mine fortunately.
User_notes table deleted, which renders the User Manager in the admin section useless.
According to logs the attack hit the following files in this sequence:
/administrator/index.php
/index.php (Root)
/plugins/authentication/joomla/joomla.php
/plugins/user/joomla/joomla.php
and then the changes to the users and user_notes tables.
There is no junk in either index.php
Attack ip was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com
Fortunately, I have backups and there was no defacement, but until I can get fpa-en.php to work and get access to the Joomla forums, I am not sure what to do other than change all passwords and block the IP.
Thanks in advance for any help!
Firstly, reset the passwords of all the administrators, including yours, then change them and ensure they include letters and numbers. Then change the password for the host control panel using the password generator if they provide one. If not, use a password generator online. Once this is done change the password for your database username and don't forget to also update the configuration.php with your new password.
Secondly, download and install Admin Tools which will add more security to your site for the future. Admin Tools also comes with an Emergency Offline button which is useful.
Then download and install Saxum IP Logger which will trace all the registered users, giving you their IP address, country and so on and you can also block IP addresses using the plugin that comes with it.
Next, go to the host control panel and look at the logs to see which IP addresses have entered your website and which files they have accessed. You can then block the IP address that corresponds to the files edited, using the plugin I mentioned before. Joomla 2.5 is very hard to hack so it is rather likely you have an extension that is badly developed and allows SQL injection. Therefore you should always choose popular extensions to install on your website when they are database related.
Hope this helps you in the future. Regards
EDIT : You can also password protect your folders in the FTP for additional security.
You may also find this extension quite useful
After you recover from this, make sure you place a password on the /administrator directory with .htaccess, assuming this is a Linux based server.
Couple of steps that will help you identify the point of access.
Also depends on if you have access to some server side tools.
Contact the host and ask them if they run Mod_Sec; if so, ask them for the Mod_sec flag for that IP.
Ask the host if they run any type of maldet tools; if so, ask for a scan of your account.
If you have shell access, run a check on what the most recent file changes were... aside from tmp and cache files.
Fixing the hack
1. Change all your passwords.
2. Install project honey pot.
3. Admin tools install is good but you need the pro version to really gain access to the security tools.
4. Migrate to a host that specializes in Joomla platforms, in most cases they already have the accounts configured for common security issues in Joomla.
Getting hacked really sucks... Good luck!
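
Two of the steps suggested in the answers above, checking the most recent file changes aside from tmp and cache and reading the logs for what one IP address accessed, can be done from a shell as follows. This is an added example, not code from any of the posts; the function names, the combined log format and the demo tree, log lines and addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only checks on a site tree and log.

# Files changed in the last DAYS days, skipping tmp and cache directories.
recent_changes() {
    root=$1; days=${2:-2}
    find "$root" -type d \( -name tmp -o -name cache \) -prune -o \
        -type f -mtime "-$days" -print | sort
}

# Requests made by one client IP, in log order: time, method, path, status.
# Assumes the Apache common/combined access log format.
requests_from_ip() {
    ip=$1; log=$2
    awk -v ip="$ip" '$1 == ip {
        sub(/^\[/, "", $4); gsub(/"/, "", $6)
        print $4, $6, $7, $9
    }' "$log"
}

# Constructed fixture (no real data): a tiny site tree and access log.
make_demo_site() {
    d=$(mktemp -d)
    mkdir -p "$d/site/plugins/user" "$d/site/cache" "$d/site/tmp"
    echo old > "$d/site/index.php"
    touch -t 202001010000 "$d/site/index.php"      # untouched for years
    echo new > "$d/site/plugins/user/joomla.php"   # modified just now
    echo c > "$d/site/cache/page.html"             # skipped: cache
    echo t > "$d/site/tmp/upload.tmp"              # skipped: tmp
    cat > "$d/access.log" <<'EOF'
203.0.113.7 - - [10/May/2012:02:14:07 +0000] "POST /administrator/index.php HTTP/1.1" 200 5123 "-" "demo"
198.51.100.4 - - [10/May/2012:02:14:08 +0000] "GET /images/logo.png HTTP/1.1" 200 812 "-" "demo"
203.0.113.7 - - [10/May/2012:02:14:09 +0000] "GET /index.php HTTP/1.1" 200 9021 "-" "demo"
EOF
    echo "$d"
}

# Usage: sh triage.sh /path/to/site CLIENT_IP /path/to/access.log
if [ $# -eq 3 ]; then
    recent_changes "$1"
    requests_from_ip "$2" "$3"
fi
```

File modification times can be reset by whoever changed the files, so an empty list does not prove the tree is clean; compare against a known-good backup as well.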
Relocate your administrator page by editing the config.php files, and edit your FTP permission settings. If your administration login URL was the standard location (www.site.com/administrator), change this location and use your hosting control panel to restrict access to certain IP addresses only (and even restrict access by hours of availability).
How many administrator user accounts do you have? There really should be only one person with super user access. It is really not productive or safe to have other users that do minor edits of the website with administrator privileges, and they could accidentally cause issues. These are basic steps and there is a lot more you can do. Send an email if you need help/step by step instructions. Hope all goes well.
