Cleaning after a hack

Here are some tips for cleaning up after your site/server has been hacked.

Look at the files that don’t belong - find a common pattern. Most have one.

Use grep -rl pattern * to find all the affected files. If you redirect the output to a file, you can turn it into a script that deletes them automatically. However, be careful to leave any files that are important. Those will have to be cleaned up manually.
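The grep-then-script workflow above, as an added example (not code from the original post): it lists files containing a marker, leaves files on a keep-list for manual cleanup, and moves the rest into a quarantine directory instead of deleting them, so a wrong match can be restored. The function names, marker string and paths are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths containing newlines are
# not handled, because grep -l output is one path per line.

# list_infected ROOT PATTERN
# Print every file under ROOT containing the fixed string PATTERN.
list_infected() {
    grep -rlF -- "$2" "$1" 2>/dev/null | sort
}

# quarantine_infected ROOT PATTERN KEEPLIST QDIR
# Move matching files into QDIR, except paths listed (one per line) in
# KEEPLIST: those are important files that must be cleaned by hand.
# QDIR must be outside ROOT. Prints one "quarantined" or "manual" line
# per match.
quarantine_infected() {
    q_root=$1; q_pat=$2; q_keep=$3; q_dir=$4
    mkdir -p "$q_dir" || return 1
    # sort (in list_infected) finishes the listing before any file is moved.
    list_infected "$q_root" "$q_pat" | while IFS= read -r f; do
        if grep -qxF -- "$f" "$q_keep"; then
            echo "manual $f"
        else
            # Flatten the path so files with the same name do not collide.
            dest="$q_dir/$(printf '%s' "$f" | tr '/' '_')"
            mv -- "$f" "$dest" && echo "quarantined $f"
        fi
    done
}

# demo: build a constructed site tree in a temp dir and run the cleanup.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/img"
    marker='EXAMPLE-INJECTED-MARKER'                       # constructed pattern
    echo "<?php /* $marker */ ?>" > "$d/site/img/x.php"    # dropped file
    echo "<?php /* $marker */ ?>" > "$d/site/img/y.php"    # dropped file
    printf '%s\n' "<?php /* $marker */" 'real_code();' > "$d/site/index.php"
    echo 'clean' > "$d/site/about.php"
    echo "$d/site/index.php" > "$d/keep.txt"               # important, fix by hand
    quarantine_infected "$d/site" "$marker" "$d/keep.txt" "$d/quarantine"
    rm -rf "$d"
}
demo
```

Review the "manual" lines first: those files still contain the pattern and are left in place until they are edited by hand.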

If you run into permission issues because the files were created by ‘nobody.nobody’ or ‘apache.apache’, you can use PHP’s system function to run the rm commands as the web server user, like so:


system('rm -f badfile.file');

Check your error logs and access logs, as well as your stats to find any additional files.

Avoid chmod 777 - although there are times when it is necessary. This is a hazard of administering a site through the web. An excellent alternative is to always chmod 755 after you edit those files, if possible. This won’t work for caches, template compilation directories, or file upload areas.

Don’t forget to escape the input, for both command lines and SQL statements, and validate on both the client and server side.

Be sure to identify how the hacker got in, whether it was an outdated application with security holes, SSH, your code, or some other failure. Resolve that issue.

Remember that there may be more than one symptom of the hack. My server was being used to distribute files, run a phishing scam (no page requests were processed when I found it), and carry links to other servers in hacked templates.

If you have a hosting company, it is good to contact them for help - especially if there is any sort of phishing or other financial scam involved.

Finally, sometimes it is better to delete a corrupted application, or reinstall it.

Good luck!

My Favorite Web Stuff

Template engine - Smarty

Scripting language - PHP

AJAX toolkit - dojo

ACL library - phpGACL

Windows AMP server - XAMPP

Audio Processor - SoX

Content Management System - eZ publish

ecommerce - X-Cart

Blog - b2evolution

Timecard - timesheet.php

Project Management - dotProject

Browser - Firefox + Firebug plugin

Hosting Company - (

Map API - Google

Check your web stats

No matter what is running on your server, you should periodically check the web stats.

It may be the only way you find files that shouldn’t be on your server.

No application is unhackable. Hackers are smart and persistent.

Converge - dojo panes - AJAX iframes ...

I wanted to break my page into 6 content areas, with 5 where the content could be directed by one, and from cross-links from the other.

I pursued iframes, but the site architecture didn’t work well with it. I tried dojo’s content panes and was really impressed. In addition - these panes allow delivery of standalone HTML, while applying the page’s CSS. The integration is very simple, and polished, and extending the micro page to a full page would be easy. They also resize, so the user can adjust the page to meet their needs.

One interesting note, if you would like the panes to scroll, load the content in at page load time. Works great!

Web Jobs / Positions / Career / Recruiting

As a career path, the web has one great advantage over all others - it’s publicly accessible. You can demonstrate your skills and allow everyone to view them, at any time.

If you’re going to do this, be ready to push your skills to the limit. Refine the code, over and over. Use validators like those at, and tools like to check your work. Test with different browsers.

If you’re using commercial, open source products, go to those sites and view some sites built with them. See what other people are doing. View their code to learn more. Join the forum, to both get help and contribute.

Be honest, if you’re an engineer, state that, and if you’re a designer say so. Most people aren’t experts in every skill required to deliver a great site.

Invest in a domain name and use it. Keep it professional. You can always create a subdomain or buy another domain to put fun stuff up.

If you are a recruiter or HR person and you receive a resume for a web position that doesn’t include sample URLs, ask for them and have your web team review them. You will have a chance to evaluate a candidate’s work before you ever speak to them. Check the copyright dates to ensure you’re looking at recent work.