Hosting Account Hacked!
Filed in: Security — July 3rd, 2004
One of my hosting accounts, Frens.net, was hacked through an open source script’s backdoor. No files were modified. The hacker used the backdoor to upload illegal files into the account, and that caused the account to be suspended.
The script is osTicket, an open source support ticket system. The version I was using was 1.2.5 from cPanel Fantastico. osTicket 1.2.5 has an attachment upload security hole which allows a hacker to upload and execute files.
The latest release, osTicket 1.2.7, has fixed the security problem. Please update as soon as possible if you are using osTicket.
Thought:
I was too careless this time. I found strange ticket submissions with .php attachments over the last few days, but I just deleted them.
The attack caused my hosting account to exceed its monthly bandwidth limit in 1 day and to be suspended due to the illegal file uploads. It also caused the LiewCF.com database to not work properly due to a full “tmp” directory.
Fortunately, everything is fixed now and I have uninstalled osTicket.