Dam all my websites been hacked by ******. That is not cool. All my home pages are changed. I don’t know what to do. For some reason I Google my web site. It is already been indexed by Google. Anyway I found another web page is still the same in Google Cache. Then I check the URL with exact file name. Cool it works.
How they change my home pages then?
As you know default pages are index and default and ten you can use any extension. For example index.html, index.htm index.php, default.html, default.htm etc. What they have done is create all the possible default and index web pages with their message in it. However, they haven’t overwritten the default page I already have. What a cool idea. When I type the URL it goes to their page not mine.
That type of attack is called deface.
Then I search what is the security hole in my web server. That is really a small issue. It is just a matter of folder permissions. All the folder permissions are defaulted to 666. This means it has read and writes permission to everyone.
You should keep all your folders and file except for the scripts and stuff 644 file permission. So only the owner has permission to read and write. Rest only read permission.
Do you like to learn about defacing ........how to do it?