Old 11-14-2008, 06:13 AM   #1
site hacked... What to do?

I just discovered my website at newjvgiveaways.com was hacked...

I don't have any experience with this kind of stuff. What do I do?

lookielookies is offline  
Old 11-14-2008, 06:22 AM   #2

As far as I can see, the hacker only uploaded an index.htm file. I deleted it and everything seems to be back to normal.

How do I prevent this in the future?

lookielookies is offline  
Old 11-14-2008, 06:36 AM   #3

The first step I would take is figuring out how they got access in the first place. Are you running any open-source web apps (i.e., WordPress)? If so, make sure you have the latest versions/builds installed, as there may be an exploit that allows such uploading.

I'd also change the password to my hosting account/FTP server login/password. I always recommend generating long, random passwords and usernames - something like 776C9E6362DC2E6 and 64A33620AF4AF03. If you're using Roboform there's actually a "Generate" button on the toolbar that'll allow you to do this.

Hope that helped!
Far Owt Publishing is offline  
Old 11-14-2008, 06:41 AM   #4

You should also contact your hosting support. They should be able to pull up the logs for your account to help see what the problem is.

Thanks,

John

globalpro is online now  
Old 11-14-2008, 07:21 AM   #5

If interested, send me a PM with specific details of what happened and I can look into some things for you... Have done several security consults on here and some security jobs... I have also written the very popular WordPress Secured ebook.

James

TheRichJerksNet is online now  
Old 11-14-2008, 07:32 AM   #6

Thanks for the tips.

It still seems like the only thing that happened was the upload of an index.htm file... Isn't this a bit weird? Why bother then?

lookielookies is offline  
Old 11-14-2008, 08:50 AM   #7

As explained in PM, they uploaded the index file just to see if your WP was secured or not... Now they know it is not... In other words, they were testing.

I have explained many times over: no matter what version of WP you are running, your WP is NOT secure... There is nothing wordpress.org can do to stop the hacks. They can update until the cows come home and it will not do any good, as the hackers get these updates also...

Only way to secure your WordPress is to do it yourself or hire a proper WordPress Security Dude...

Many people say "update" and "backup", that's the best you can do... Well, they are wrong, dead wrong...

The past five years have seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

Anyone that runs a WordPress site and does not get secured will eventually be hacked...

James

TheRichJerksNet is online now  
Old 11-14-2008, 09:32 AM   #8

Have you examined the content of the index file they uploaded?

It might be a Trojan horse. Then the hacker can use the file as a back door to plant other files on your site. For example fake banking site or other phishing site. Or they might set up a spam relay on your site.

I have created some scripts to disable files that are added to my site by hackers. Just 2 days ago this foiled a hacking attempt on my site.

PM me if you would like more details.

hiphil is offline  
Old 11-14-2008, 09:55 AM   #9

Quote:
Originally Posted by hiphil View Post
Have you examined the content of the index file they uploaded?

It might be a Trojan horse. Then the hacker can use the file as a back door to plant other files on your site. For example fake banking site or other phishing site. Or they might set up a spam relay on your site.

I have created some scripts to disable files that are added to my site by hackers. Just 2 days ago this foiled a hacking attempt on my site.

PM me if you would like more details.
They do not need to add any code to an index file... They added the index file, which means they already have access (backdoor access)...

Which also means the db itself could have already been compromised as well by the same hacker..

James

TheRichJerksNet is online now  
Old 11-15-2008, 02:44 PM   #10

Just found out the same file had been uploaded to another folder on the same server.

Both are folders that serve as addon domains. One has a WP install, so I have been reading quite a bit about securing WP.

But the second file was uploaded to a folder that only has an index.html file and an empty cgi-bin folder... So I take it protecting my WP installation won't solve the problem...

Quote:
Have you examined the content of the index file they uploaded?
Forgive me for not knowing, but why does the 'This site has been hacked' index-file have a Hotmail address and full image links on it?


hiphil, I'm setting up your EasySweepSystem - have sent you a PM about it.

lookielookies is offline  
Old 11-15-2008, 02:56 PM   #11

Can you simply rename the admin login page to something like seoni23iubfgws.html and then keep that filename somewhere safe? Also, with message moderation on, are you safe (at least more so?).

TomG.

tommygadget is offline  
Old 11-15-2008, 03:08 PM   #12

Quote:
Originally Posted by tommygadget View Post
Can you simply rename the admin login page to something like seoni23iubfgws.html and then keep that filename somewhere safe? Also, with message moderation on, are you safe (at least more so?).

TomG.
Tom,
Simply renaming the admin index file will do nothing.. Hackers still know the path to your admin login and that is all they need..

The only way to protect the site is to protect wordpress, and there is no system out there but WordPress Secured that will explain to you how to protect wordpress..

I certainly would not install more scripts that ask for private information such as logins to try and protect something that was already hacked to begin with .. But that's me I guess, I have been building websites for over 15 years...

James

TheRichJerksNet is online now  
Old 11-15-2008, 03:19 PM   #13

Happened to me a while back.

Check all your root folder contents for unusual files and DON'T upload a backup of your site unless 100% sure he wasn't in there when you backed up.

Anyhoo, don't take my or anyone else's advice before contacting your host, who is trained to get rid of these problems fast!

Louis....
Louis Raven is offline  
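
Added example (not from any poster in this thread): the advice to check folder contents for unusual files can be automated by hashing every file under the web root while the site is known to be clean, then comparing later. The function names and the `blog`/`static` folder layout are assumptions constructed for the demo, and it goes slightly beyond the thread by also reporting modified and removed files.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest
    return manifest

def compare(baseline, current):
    """Return files added, modified and removed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "modified": modified, "removed": removed}

def demo():
    """Constructed web root with two addon-domain folders, as in the thread."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in [("blog/index.php", b"<?php // WP front page"),
                          ("static/index.html", b"<h1>Hello</h1>")]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        os.makedirs(os.path.join(root, "static", "cgi-bin"))  # empty folder
        baseline = snapshot(root)  # taken while the site is known-clean
        # Simulate the incident: the same index.htm dropped into both folders.
        for folder in ("blog", "static"):
            with open(os.path.join(root, folder, "index.htm"), "wb") as fh:
                fh.write(b"<h1>defaced</h1>")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest somewhere other than the web server, since anyone who can upload files there can also rewrite a manifest stored alongside them.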
Old 11-15-2008, 03:24 PM   #14

Just be careful about your host's tech support. Some of these guys really have no clue what they are doing. Once you find a good one, try to ask for the same person.

TomG.

tommygadget is offline  
Old 11-15-2008, 03:26 PM   #15

Quote:
Originally Posted by tommygadget View Post
Just be careful about your host's tech support. Some of these guys really have no clue what they are doing. Once you find a good one, try to ask for the same person.

TomG.
Now ain't that the truth... lol. I personally try to stay away from support techs myself and handle my server myself.

James

TheRichJerksNet is online now  
Old 11-15-2008, 03:48 PM   #16

Quote:
Originally Posted by TheRichJerksNet View Post
Now ain't that the truth... lol. I personally try to stay away from support techs myself and handle my server myself.

James
lol I didn't have enough time to learn 2 years worth of system operating
Louis Raven is offline  
All times are GMT -6. The time now is 04:15 PM.