This is a discussion on How did DigitalMind change my index page? within the Linux Web Servers forums, part of the Web Server and Related Forums category.
I happened to notice today that one of my Web sites was hacked.
They somehow replaced my index.php with index.html with only the text "DigitalMind" in it.
Actually, they just inserted index.html, and since my server processes index.html before index.php, the site displays that.

So, how did they do this? More importantly, how do I prevent it from happening again?
I guess I can contact my Web host and ask them to set it to only use index.php as the root page, but can they possibly replace MY index.php with THEIR index.php in the future?

Thanks for any information!
Oh, if it helps, I'm using RedHat ES 2.1 with Apache 1.3.33 (I believe.)
On Tue, 06 Sep 2005 08:47:04 -0700, news wrote:
> I happened to notice today that one of my Web sites was hacked.
> They somehow replaced my index.php with index.html with only the text
> "DigitalMind" in it.
> Actually, they just inserted index.html, and since my server processes
> index.html before index.php, the site displays that.
>
> So, how did they do this? More importantly, how do I prevent it from
> happening again?
> I guess I can contact my Web host and ask them to set it to only use
> index.php as the root page, but can they possibly replace MY index.php
> with THEIR index.php in the future?
>
> Thanks for any information!
> Oh, if it helps, I'm using RedHat ES 2.1 with Apache 1.3.33 (I believe.)

It isn't clear to me from your post if you are running Apache on your own server or on a hosting service. The first thing you should always do when running something open to the world is keep it up to date. I think 1.3.x Apache is pretty old.

As far as how it was done, there are a lot of possibilities. A bug in Apache, a misconfiguration of Apache, a bug in a CGI script or server include, a security problem somewhere else in the system that allowed someone to modify files... Then there are attacks from the "inside"...
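
Added example, not part of the original thread: a Python audit for the situation the first post describes, where a planted index.html is served ahead of the real index.php, plus a check for directories any local account could write into. It assumes Apache's `DirectoryIndex` lists index.html before index.php; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed Apache setting: "DirectoryIndex index.html index.php" (first match wins).
DIRECTORY_INDEX = ["index.html", "index.php"]
EXPECTED_INDEX = "index.php"   # the file the site owner intends to serve


def audit_docroot(docroot, directory_index=DIRECTORY_INDEX, expected=EXPECTED_INDEX):
    """Return a list of (kind, path) findings for one document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        present = [name for name in directory_index if name in filenames]
        # Apache serves the first DirectoryIndex entry that exists, so any
        # earlier entry hides the expected index file.
        if expected in present and present[0] != expected:
            findings.append(("shadowed-index", os.path.join(dirpath, present[0])))
        # A directory writable by "other" lets any local account or
        # compromised script drop new files into it.
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", dirpath))
    return findings


def build_sample_docroot():
    """Constructed sample tree: index.html planted next to index.php."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for name, body in (("index.php", "<?php echo 'home'; ?>"), ("index.html", "DigitalMind")):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    sub = os.path.join(root, "blog")
    os.mkdir(sub)
    with open(os.path.join(sub, "index.php"), "w") as fh:
        fh.write("<?php echo 'blog'; ?>")
    os.chmod(root, 0o755)
    os.chmod(sub, 0o777)   # constructed misconfiguration
    return root


if __name__ == "__main__":
    for kind, path in audit_docroot(build_sample_docroot()):
        print(f"{kind}: {path}")
```

A finding only shows where to look: removing the planted file or narrowing `DirectoryIndex` to index.php does not close whatever hole allowed the write in the first place.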