Sites have been hacked. Can anyone help?

Three questions:

1) what kind of sites? (ie: blogs or html or?)
2) Can you still access your CPanel
3) have you contacted your hosting company?

If you can still access your CPanel, go in and see if you can find the offending files - if you can, delete them immediately. And if you can't log in, or can't find or can't delete them - contact your hosting company for help - if you are on shared hosting they may have to go in at the root level to get the offending files off the server. They should also be able to assist you with advice on the best way to secure your sites in the future, which will vary depending on the type of site and server you are using (among other things).

Melody

Norma,

Sorry to hear that.

Do you have a backup of the sites or can your hosting company provide one?

Yes, all sites are OK in control panel. I have contacted host and this is the response from Live Chat. I have put in a ticket and changed password. Have not yet scanned computer.

"Your codes were changed, you need to restore your files from the backup or place a ticket with such request on our helpdesk and we will do that for you.I also recommend you to change your current FTP password through the Control Panel (Manage -> FTP manager -> Password icon). Some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So you need to scan your local PC for viruses (using in-depth scanning) and change your current FTP password."

If you click on any of my links below it will come up with the hacked message.

The main problem is to get the sites back and working asap and to not let it happen again. It is also a warning to others. I think we often neglect changing our passwords often enough. However, I don't think that helps if they want to do it they will find a way.

God bless

Norma

Hi Norma PM me I will tell you what to do

Hi Norma,
Sorry to hear that ..

I can almost bet it is just a script kiddie and your full sites are still there.. If Mohamed can't help you send me a PM ...

James

Hi Norma - yes, I have had it happen - most likely, all that has happened is that they have changed your passwords (that might be what the support person meant by codes) and uploaded a new home page BUT - I would make sure that you have someone experienced from the hosting company check your files at the root level (chances are you do not have access to the root level) to make sure that nothing more has been left behind by the 'darlings'.

And even if the files look okay, I would still upload your backup version - or have the host do it for you - to make sure you have a 'clean' copy.

And especially if it's a wp blog - get James's WordPressSecureed above!

Good news everyone.

The hackers used an index page and I removed it from the sites and reloaded them. They are now all up again and thanks to Mohamed, James, Beckey, Christine, Melody and others. You are all one, um that's not right, lets say 5 in a million.

What great people we have here. I hope I can return the favor some time.

God bless

Norma

user "i-love-plr" is right - if you have a shared hosting account then you're putting security out of your control. You're sharing resources with an unknown entity and that is very very risky.

If you are in IM then your website is your business. If you are serious about your business you should not be taking risks like using a shared hosting service. VPS is the bare minimum you should be using, preferably your own dedicated server.

Ok I am going to post this because newbies should not be scared off thinking they must pay for an expensive dedicated server. Yes I run several dedicated servers but .....

Being on a shared hosting account does NOT make your site less secured. If you are with a good hosting company that monitors their servers and keep their systems up-to-date then you are fine.

Let me explain:

If john and jane are on a shared server and john has his website hacked then that does not effect Jane at all, the hacker would have to hack Jane's website to have access to it.

Each account on a shared sever is handled individually, each with thier own control panel, ftp, passwords, and etc... In this case Jane is safe from the hacker because they only hacked John's website. The hacker has no access to Jane's just because he hacked John's.

The downfall with a shared hosting account is not security but someone else using up system resources. So if John happened to use too much bandwidth, cron jobs, too many sql processes, and etc. then that can effect the website Jane has.

With that said, let me also explain to those that preach get VPS.. VPS (Virtual Private Server) - This is a server that is NOT dedicated and also DOES share system resources. As a matter fact even a dedicated server is not 100% dedicated as it also shares resources.

Only way to have a 100% dedicated server is if you own the server yourself...

The only need to have a VPS or Dedicated server would be due to bandwidth, space, and speed.. Other than that if you do not need faster speeds, more bandwidth, and more space, then stay with shared hosting..

James

Norma ,
I am glad to hear that you have found the problem. Also , I want to stress what Melody suggested - If it is a WP- Blog get James' WP Secured product. Folks I am also suggesting that we all support James with this product and we all take advantage of this great resource that he provides. James has helped many of us greatly. He provides a great product and we need to spread the word about this awesome resource.

The sad thing is if we do not help spread the word and help him move more product - James will not be able to afford putting hours of his time into development of future updates unless he has a customer base to work with.

The more customers we can send his way the more on an incentive he will have to continue offering this great service which will benefit all of us in many ways.

All of us know how extremely important our businesses are to us. We must take action and try to secure them as best as we can. WP Secured is a product we can count on. Yes , nothing is 100% effective but any option available to help prevent less hacks the better we all will be. So , I ask that each of you contact James and ask him what can we do to help him promote this great product of his. Remember , we need for him to continue his plans of development and offering updates to this great resource. Also , if you have not yet purchased this product I highly suggest that you do so.

Thanks,
Jason

This is the word from my host support dept which I am posting here so as others can be helped by it.

Dear Norma,

The web server is very resistant to outside hacking attempts.
Usually when we receive reports that a website has been hacked it is because the customer has outdated software running on his site and has not patched known security holes. Please note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS, any other php-based applications). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected. You should check to make sure that you are running the most secure version of web-based applications and also that none of your modifications could produce a way for an attacker to gain entry to your site. You should check with the creator of these softwares for security updates.

Well, what could be done to prevent it from happening again?

So, It is strongly recommended to review everything that you have in website folder and try to determine the way you may protect your applications. For example, If you have any widely-used software installed (forum, blog, etc.etc.), check the vendor site for recent updates or security fixes.

Please also note that your files are located on the Linux-based server and you are able to change file/folder permissions so make sure you do not have any "open" files/folders with write permissions set for all.
So please check if any folders has full granted permissions 777 set, which is means that it's worldwriteable for anyone from the Web. Recommended permissions are 755. Please let us know if your content should be restored, so we will help you with it.

I also recommend you to change your current FTP password through the Control Panel (Manage -> FTP manager -> Password icon). Some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So you need to scan your local PC for viruses (using in-depth scanning) and change your current FTP password.

It will prevent your websites from further attacks. Thanks for your cooperation. Should you have any further questions, feel free to contact us at anytime, we are available 24/7.

Kind regards,
Arthur Riskal
Technical Support
24/7 Live Chat


In response:

I am not running any out of date software as all of it is from the host company. One of my sub domains was altered to 777 due to trying to get a membership site working. I have taken steps to reverse that.

There are no trojans or viruses on the computer that have been identified by the scanners. I am using Vista which has pretty good virus protection on it. Also Firefox.

I have now changed my password and will do so every few days if not every other day.

Thanks again to all the wonderful people who have offered so kindly to help me out of this dreadful situation. And to all the good wishes of the kind hearted souls who felt for me, thanks. I appreciate it all.

God bless

Norma

Boy, I dd not realize the need to look into the security angle as I thought it is handled by the host. Certainly will go into now and more fool me for depending on others for what I should already know and be doing.

This is just one more reason why this forum is an essential part of my daily requirements. Without you guys I would know a lot less about these important issues.

James I want to help you promote your products as much as possible. Can you PM me the details of what you would like me to do.

God bless

Norma

Hi Joanne,
I sent you a link that I send my subscribers, special discount price ...

Hostgator, yes they make regular backups of all their systems, a restore though will cost you like $15 unless you get an admin in a good mood ..lol

James

Scarey problem, but very interesting comments. It's great to see such support readily available.

for password, get roboform, it will take care of complex password for you. all you do is to login once.

Norma,

I just had the same problem, I wish I had checked here first. I had been locked out of all my sites (not fun) Everything is back up and running but at least now I know what to do.

Thank you,
Kathy Baka

Review Crushers