| | #1 |
| www.SixFigureRenegade.com War Room Member Join Date: Sep 2006 Location: The World (Travelling)
Posts: 1,049
Thanks: 103
Thanked 57 Times in 38 Posts
|
Hey guys, well I spent most of yesterday trying to get my website back to a certain level of functionality, however once again at 1am this morning I was hacked again! for the 4th time lol Hacked By Aljyyosh < Hacked By Aljyyosh? Has anyone else been attacked by this guy? Thanks all and Merry Christmas Alex |
| | |
| | |
| | #2 |
| Expert Product Creator War Room Member Join Date: Oct 2009 Location: Home
Posts: 1,786
Blog Entries: 7 Thanks: 976
Thanked 624 Times in 406 Posts
|
Hi, you need to go here Website Security - Acunetix Web Security Scanner They have a great program that will check your site for vulnerabilities it is free! Easy to use and works great HTH -WD Merry Christmas to you as well |
| | |
| | #3 |
| Street Level Bum Marketer Join Date: Apr 2008 Location: Borneo
Posts: 539
Thanks: 529
Thanked 212 Times in 63 Posts
|
I've not heard of that MORON but I wonder why in the world he's doing that kind of **** work? The background music sucks like BS and the stuff he wrote on his site looks CRAP. It's FUNNY to see people like this are still occupying earth. Anyway I hope everything will be fine soon. Merry Christmas To You... |
| | |
| | #4 |
| Treat it like a business War Room Member Join Date: Dec 2009 Location: Sunny Sydney
Posts: 1,319
Blog Entries: 6 Thanks: 334
Thanked 407 Times in 184 Posts
|
Hmm I am not going to click that link - the website of a hacker. Anyway one thing to check is ALWAYS use Secure FTP, and NEVER use standard unsecure FTP. Use randomly generated passwords, and software like KEEPASS to manage them as you probably won't be able to remember passwords like this: 0pg0yWgu3LjomcTOH97c Good luck. I've been hacked too - it's certainly no fun, especially when Google cottons on to it and lists you as compromised. |
| | |
| | #5 |
| Greg Schueler War Room Member Join Date: Jul 2002 Location: Las Vegas
Posts: 2,101
Thanks: 193
Thanked 398 Times in 292 Posts
|
I am not clicking the link either, but if it is a WordPress site, make sure you go into the database (phpMyAdmin) and change the user email address when you change the passwords. These hackers usually put their email address into the site, so when you change passwords they get an email alerting them of the new one. That way they can keep gaining access to the site. |
|
| | |
| | #6 |
| Redoubtable Implementer War Room Member Join Date: May 2007 Location: Oklahoma, USA
Posts: 6,066
Thanks: 915
Thanked 990 Times in 836 Posts
|
I'm so sorry to hear that, Alex. I see you're up and running again, for the life of me I wonder why they'd want to hack your site. They're usually after monetary gain, and I fail to see how they'd gain from hacking into your site! Did you ever have any encounters with them before?
|
| | |
| | #7 |
| www.SixFigureRenegade.com War Room Member Join Date: Sep 2006 Location: The World (Travelling)
Posts: 1,049
Thanks: 103
Thanked 57 Times in 38 Posts
|
Hey, yeah what a complete douche this guy is huh? lol Thanks for the suggestions guys, I'll be getting those implemented asap. @Paulie yeah tell me about it! It's a blog for goodness sakes, no actually it's never happened before.
|
| | |
| | |
| | #8 |
| Redoubtable Implementer War Room Member Join Date: May 2007 Location: Oklahoma, USA
Posts: 6,066
Thanks: 915
Thanked 990 Times in 836 Posts
|
@alexshelton - did your hosting provider give you any tips and advice on how to prevent this unfortunate incident from happening again (besides just changing the password)? This is something we could all learn from, and perhaps be able to take precautions against so that we minimize the chances of something like this ever happening to us in the first place.
|
| | |
| | #9 |
| . Join Date: Aug 2008 Location: Mumbai, India
Posts: 657
Thanks: 552
Thanked 246 Times in 153 Posts
|
I'd change the password of the Cpanel and your CMS. Don't you have hacker friends? Ask them to hack the sucker back. That oughta teach him a lesson. Sumit. |
|
| | |
| | #10 | |
| Advanced Warrior War Room Member Join Date: Nov 2009
Posts: 541
Thanks: 4
Thanked 70 Times in 65 Posts
|
One method I have found handy is to use numbers that I can remember and then just enter them using the shift key so you get the crazy symbols. 789654 becomes &*(^%$ Add a couple of upper case letters and real numbers and it is very secure. Quote:
| |
| | |
| | #11 | |
| HyperActive Warrior War Room Member Join Date: Sep 2009 Location: London, UK
Posts: 156
Thanks: 7
Thanked 19 Times in 15 Posts
| Quote:
| |
| | ||
| | |
| | #12 |
| No excuses - Just do it War Room Member Join Date: Mar 2009 Location: Sydney
Posts: 3,330
Thanks: 767
Thanked 1,371 Times in 688 Posts
|
If it was an IFRAME attack make sure your local computer isn't infected. Changing passwords won't do anything.
|
| | |
| | #13 |
| . Join Date: Aug 2008 Location: Mumbai, India
Posts: 657
Thanks: 552
Thanked 246 Times in 153 Posts
|
If you wanna make stronger passwords.. here's a technique: Pick a favorite phrase. eg; "Don't Say Imagination Is Morally Wrong" Now take just the first letters dsimw. Add your Date Of Birth at the end - dsimw17. Throw In special characters on the front and the back - @!dsimw17!@. Capitalize First And Last Letter - @!DsimW17!@. Hack that if you can... The Password gets a 100% at Password Strength Checker Hope this helps. Sumit. |
|
| | |
| | #14 |
| Mahesh War Room Member Join Date: Dec 2009
Posts: 226
Thanks: 43
Thanked 24 Times in 20 Posts
|
Alex, if you're using WordPress then back up your database and remove the installation. Also there are likely to be some files kept on your public_html folder, so anything unknown should be deleted. Upgrade to the latest WordPress version ASAP.
|
| | |
| | #15 |
| Senior Warrior Member War Room Member Join Date: Jan 2008 Location: Wisconsin, USA.
Posts: 4,113
Blog Entries: 2 Thanks: 2,405
Thanked 3,422 Times in 1,592 Posts
|
It's highly unlikely that preventing your site from being hacked is even possible if the right person is determined enough. After all, if the Pentagon and NASA can have their computers hacked (and they have been), one should assume any computer online can potentially be hacked. Hacking can be made more difficult though, which is often enough to send most hackers in search of easier prey.

I don't pretend to be an expert in preventing a hacker attack, but I will share what I know with you, which I've listed below:

1. Make your password as difficult as possible for software or humans to guess. Some hackers use software to blast user name and password combinations at a web site. This is known as a "brute force" attack. The longer your password is, the harder it will be to crack. Ask your web site host how many characters can be in your password and what characters are allowed, then change your password to one that uses as many characters as allowed and also uses a healthy mix of upper and lower case letters, plus numbers and special characters if they're allowed. Each additional character makes the password exponentially harder to crack, so making it as long as possible is crucial!

EXAMPLE: Using only the lower case alphabet, there are 456,976 combinations of letters possible in a four-letter password. A five-letter password has 11,881,376 combinations. You can see how a 12-letter password that uses lower case, upper case, numbers and special characters would be infinitely harder to crack. My calculator doesn't go that high.

DO NOT replace characters with similar looking special characters, such as changing "password" to "p@$$w0rd". The better hacking tools have a "leet" feature, as it's called, which substitutes special characters for similar looking letters when it's trying dictionary words and proper names. In fact, your password should not spell any word at all. That will render all dictionary attacks ineffective.

2. Make sure your passwords for all administration (FTP, control panel, software admin, and email accounts) are complex and difficult to guess. Use a different password for each application. If a hacker cracks one, he or she won't have access to everything else. Don't choose a username like "admin" or "administrator." If you use something that simple, a hacker is already halfway in. I've even seen people use "password" for their password. Sure, it's easy to remember, but the easier it is to remember, the easier it is to guess.

3. Use a web site host that uses "CAPTCHA technology" to gain access to your control panel. This will help prevent brute force attacks from working because the software can't read the CAPTCHA image. You still want to use the max password mentioned in Item 1 as well. (CAPTCHA is a type of challenge-response test used in computing to ensure that the response is not generated by a computer. See Wikipedia.com for more information.)

4. In your control panel, disable anonymous FTP, or ask your host to do it if you can't find how. For some reason many hosts have anonymous FTP enabled by default. That could have been the opening the hacker found.

5. Visually inspect your web site directories, looking for files and folders you don't recognize as your own, or delete everything and upload a backup copy if you have it. Why? A hacker can place one file in a lower level folder that keeps a backdoor open no matter how much cleaning up you do, until you find that file and get rid of it. Also visually inspect the source code of your web pages looking for inserted links, javascript, or other code that's not yours. Remember to look after the source code as well. I learned the hard way that the search engine spiders don't stop reading the page when the HTML element is canceled; they go all the way to the last character in the file. If you have a lot of pages, you'll probably want to break this task up and do a comfortable amount in several sittings rather than making an overwhelming chore of it in one sitting. If your site is too large for this step, at least make random checks periodically.

IMPORTANT: Before opening any unknown files you discover, be sure you have antivirus software running on your computer or you could accidentally open a hacker tool that could give the hacker access to your computer. Good antivirus software will prevent the file from opening and notify you of the reason it was blocked.

6. If you use any commercial scripts, keep them updated. Updates often include security patches against newly discovered vulnerabilities.

7. Use a web host that regularly updates its server software. As in the item above, updates often include security fixes.

8. Avoid open source software. Since open source software means the source code is basically available to anyone who wants it, that makes it easy for hackers to study it for vulnerabilities. Similarly, do not install any software that is not from a trusted source, especially freeware. Software can contain a Trojan which allows a hacker to access your computer. They can hunt for the information they want from a distance if your computer is infected.

9. Research vulnerabilities in PHP applications. While I'm not an expert in PHP, I've seen many PHP vulnerabilities pop up in search results. If you're unsure about the software you're using or thinking of using on your site, try searching for it by name and adding "+exploits" to the end. You may be surprised at your findings.

10. Run only the software you need. The more programs you have installed, the more opportunities there are for a hacker to find a way in.

11. Do not use public wireless hot spots for sensitive computer work. If you use a laptop to access your web site or process any sensitive information, it will be easy (VERY easy!) for an experienced hacker to intercept your data.

12. Check your web site log files regularly to look for suspicious activity. In my research, I kept seeing the advice that you should check your web site's log files regularly for suspicious activity. What I couldn't find was what to actually look for. No one that advised looking for suspicious activity defined what it was. The only thing I did find is that almost everyone that comes to your site will do so through your domain name, so if you see multiple accesses or access attempts using an IP address rather than your domain name, there's a good chance it's from a hacker's port scanning software. Other than that, it seems just looking for an anomaly is the thing to do.

13. Open an account at Google Webmaster Central to monitor which pages are indexed. If I had done this before my site was hacked, I could have spotted the hacker-inserted links much faster. There are many other good information resources available to you with a Webmaster Central account (which is free), including information on security threats.

14. And of course, there's the obvious—never give out your user name and password to anyone unless you initiate the communication, and then, only if you trust them AND they have a need to know.

Two Additional Measures You Should Take

1. Keep up-to-date backup copies of your web site and databases so you can quickly restore your site if it is successfully hacked. (If you use databases, you'll have to take special measures to back them up. Ask your web host if you're unsure of how to do this.)

a) DO NOT count on your web host's advertised daily backups. This often isn't reliable. If you have the proper files your web host can restore your site easily, including the databases. If not, you'll be starting from scratch with any program that uses a database.

b) When you create backup files, make sure that you're not saving a hacker file or an infected file. If your site has been hacked, nothing in the system can be trusted at that point. Hackers sometimes replace common server utilities with Trojan versions, giving themselves a backdoor even if you've replaced the hacked web pages.

2. Use a hardware firewall and antivirus software program for your home computer, and keep it updated. Your personal computer could be the easiest to crack, allowing a hacker to access any information on your system, including login and password information. Install a good anti-spyware program, keep it updated, and use it regularly.

How do I know all these things? My site was hacked about 18 months ago. It caused my site to be dropped from dozens of page one and page two rankings to clear out of sight. It killed my income when my site went from about 80-100k visitors per month to less than 4k. Hope that helps. |
| | |
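The manual inspection in item 5 of the post above (and the earlier advice to delete anything unknown in public_html) can be done by comparing the live site against a backup, as in this added example, which is not code from any poster. It assumes the backup predates the compromise; the directory layout and file contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests

def compare_to_backup(backup_root, live_root):
    """Return (unknown, modified, missing) path lists, live site vs. backup."""
    good, live = snapshot(backup_root), snapshot(live_root)
    unknown = sorted(set(live) - set(good))    # files the owner never uploaded
    missing = sorted(set(good) - set(live))    # files deleted from the live site
    modified = sorted(p for p in set(good) & set(live) if good[p] != live[p])
    return unknown, modified, missing

def demo():
    """Constructed sample: a clean backup and a live copy with two changes."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "backup/index.php": b"<?php echo 'home'; ?>\n",
            "backup/css/site.css": b"body { margin: 0 }\n",
            # Same page with extra content appended after the original end.
            "live/index.php": b"<?php echo 'home'; ?>\n<!-- not the owner's -->\n",
            "live/css/site.css": b"body { margin: 0 }\n",
            # A file in a lower level folder that is not in the backup.
            "live/images/cache.php": b"<?php /* unknown file */ ?>\n",
        }
        for rel, data in files.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return compare_to_backup(os.path.join(tmp, "backup"),
                                 os.path.join(tmp, "live"))

if __name__ == "__main__":
    for label, paths in zip(("unknown", "modified", "missing"), demo()):
        print(label, paths)
```

Because the comparison is byte-for-byte, content appended after the end of a page shows up as a modified file even when the page looks unchanged in a browser.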
| | |
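Item 12 of the post above names one concrete signal: requests that address the server by IP address instead of by domain name. This added example (not from the thread) counts them per client; it assumes an access log whose first field is the request's Host header, for instance an Apache LogFormat beginning with `%{Host}i`, and the sample lines use constructed documentation addresses.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout (not from the thread): Host header first, then the usual
# common-log fields: client, ident, user, [time], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def host_is_ip(host):
    """True when the Host value is a literal IPv4/IPv6 address (port ignored)."""
    if host.startswith("["):            # bracketed IPv6, e.g. [2001:db8::1]:443
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:          # IPv4 or name with a port, e.g. 203.0.113.10:80
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:                  # a domain name, or "-" for a missing header
        return False

def requests_by_ip_host(lines):
    """Count, per client address, requests that addressed the server by IP."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and host_is_ip(m.group("host")):
            hits[m.group("client")] += 1
    return hits

# Constructed sample log: 203.0.113.10 stands in for the server's own address.
SAMPLE_LOG = [
    'www.example.com 192.0.2.15 - - [10/Oct/2024:01:02:03 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.10 198.51.100.7 - - [10/Oct/2024:01:02:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2301',
    '203.0.113.10:80 198.51.100.7 - - [10/Oct/2024:01:02:10 +0000] "GET /admin/ HTTP/1.0" 404 310',
    'example.com 192.0.2.44 - - [10/Oct/2024:01:05:41 +0000] "GET /feed/ HTTP/1.1" 200 900',
    '- 198.51.100.23 - - [10/Oct/2024:01:06:00 +0000] "GET / HTTP/1.0" 400 226',
]

if __name__ == "__main__":
    for client, count in requests_by_ip_host(SAMPLE_LOG).most_common():
        print(f"{client}: {count} request(s) addressed to an IP, not the domain")
```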
| | #16 |
| Online Traffic Divas Join Date: Nov 2009 Location: Boulder, Colorado
Posts: 24
Thanks: 0
Thanked 14 Times in 3 Posts
|
I had 10 sites hacked in one bluehost account. Wordpress - none had been upgraded to latest version as I was waiting for it to shake out and let plugins catch up. Anyone had bad luck with Bluehost? I hear they have some php problems that cause vulnerabilities. Have been there for years and was never hacked before, but it seems like there are several recent incidents online where their servers have been compromised. Anyone else had issues there? Other host company recommendations? Thanks. |
| | |
| | #17 |
| Senior Warrior Member War Room Member Join Date: Sep 2008 Location: Honolulu, Hawaii, USA & Montreal Canada
Posts: 2,218
Blog Entries: 1 Thanks: 759
Thanked 725 Times in 506 Posts
|
I'll say one thing for this creep, he's efficient. If you Google "Aljyyosh" he has the whole first page to himself - other sites that were "Hacked by Aljyyosh". Very sorry it happened to you Alex. Bill |
| | |
| | #18 |
| Internet Warrior War Room Member Join Date: Dec 2006 Location: Modesto, Ca. , USA.
Posts: 462
Thanks: 155
Thanked 4 Times in 4 Posts
|
Here are 4 plugins that can cut down on the crap, at least make it harder.
AntiVirus for WordPress - Clever plugin for better blog security
Bad Neighborhood - Webmaster and SEO Tools
WordPress Firewall Plugin » SEO Egghead
WP Security Scan | WordPress Developer |
|
| | |
| | #19 |
| Pm Me its easier... War Room Member Join Date: Jun 2009
Posts: 148
Thanks: 38
Thanked 21 Times in 16 Posts
|
He is indeed efficient! Look how many he has done. "Hacked By Aljyyosh" - Google Search Sorry for the experience with this guy. Torrance |
| | |
| | #20 |
| Warrior Member War Room Member Join Date: Oct 2009 Location: USA
Posts: 23
Thanks: 5
Thanked 8 Times in 5 Posts
|
Had the same problem with a different hacker. The hacker did a simple homepage defacement through my vulnerable WordPress themed blog. If your site is WordPress you can easily fix the problem by updating to the latest version. Earlier versions of WordPress had a simple error that allowed hackers to do a SQL injection and force new files on your root server. Took me forever to figure out what and how they had done it, but in my case it was a vulnerability with an outdated WordPress theme... I would've never thought of that! The hacker probably found your site via Google by searching for outdated WordPress sites. You're probably not alone, this guy is probably out there defacing dozens of other sites. My site was one of thousands defaced. Hope that adds something... FYI- no site is really hacker safe. Even the most secure sites can be hacked if the hacker really wants to get in. In fact I think the "Hacker Safe" seal was changed to "McAfee Secure" Good luck to you. Now go update WordPress! |
| | |
| | #21 |
| DIY Internet Marketing War Room Member Join Date: Jul 2002 Location: Brisbane
Posts: 4,918
Blog Entries: 10 Thanks: 7
Thanked 990 Times in 449 Posts
|
Most of these guys get in through hacking your computer and getting the password. I found the same thing and they were getting my password through Filezilla. Go through and change all your passwords and use KeePass to store new ones that can not be accessed from your computer. Then whenever you access your site, ftp or anything only use KeePass. You will find it is worth it in the long run. You can also add it to a usb if you travel a bit like me. Key Pass Security for your Business. | Website Marketing For Better Results Quentin |
| | |
| | |
| | #22 |
| www.SixFigureRenegade.com War Room Member Join Date: Sep 2006 Location: The World (Travelling)
Posts: 1,049
Thanks: 103
Thanked 57 Times in 38 Posts
|
O wow, not just me then! Thanks for the suggestions guys, he seems to have eased off now. Happy New Year |
| | |
| | |