Hacker Problems - Help Please!!

6 replies
Hello!

I have a number of sites that have been hacked by phishing scams.
The biggest problem I have is that I can't figure out HOW they did it, so I can't fix it.

This is an example:

http://www.my-website.com/~onlinego/...onal/Logon.htm

No files exist on my site that don't belong there, and
I don't know what the ~ symbol is doing.

Could this be an .htaccess hack?

I would really appreciate any help!

Thanks,
Paula

  • lisag
    PM me with your FTP login information and I'll see what's up.

    -- Lisa G
  • Profit-smart
    It sounds like they've hit you with an XSS attack. Check your PAGES one by one and look for code that doesn't belong there. A skilled hacker wouldn't add a new page to your site; he would cover up one already there with a script call to his own server.
  • WD Mino
    Agreed with Profit Smart. Also, you can then download Website Security - Acunetix Web Security Scanner.
    This program will scan all your folders, files and ports to see if there are any vulnerabilities. It is a fantastic program; I use it and it does great.
    -
    HTH
    -WD

    "As a man thinks in his heart so is he-Proverbs 23:7"
  • sidley
    Follow these steps:
    1) Check each of the files on your server. Mostly the affected files are index.htm, index.html, index.php. You will see some sort of code added at the end. Please remove them.
    2) Clean the system from which you will access the FTP with an antivirus system.
    3) Change your FTP username and password.
    4) Pray that it doesn't happen again. If it does, you need to do all the steps.
    Once, my sites were affected like this, and it took me nearly one week to clean every site.
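The file check described in the replies above (index pages with code added at the end, or a script call to someone else's server), as an added example that is not part of the original thread. The function names, the `own_hosts` allow-list and the sample pages are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.htm", "index.html", "index.php"}
CLOSE_HTML = re.compile(r"</html\s*>", re.I)
# Host part of an absolute or protocol-relative src= on <script>/<iframe>
REMOTE_SRC = re.compile(
    r"<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>:?#]+)", re.I)

def inspect_page(text, own_hosts):
    """Return (kind, detail) findings for one page's source."""
    findings = []
    tail = CLOSE_HTML.split(text)[-1].strip() if CLOSE_HTML.search(text) else ""
    if tail:  # anything after the final </html> was appended later
        findings.append(("trailing-content", tail[:80]))
    for host in REMOTE_SRC.findall(text):
        if host.lower() not in own_hosts:  # loads from a server that is not yours
            findings.append(("off-site-src", host.lower()))
    return findings

def scan_webroot(root, own_hosts):
    """Map relative path -> findings for every index page under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in INDEX_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = inspect_page(fh.read(), own_hosts)
                if found:
                    report[os.path.relpath(path, root)] = found
    return report

def demo():
    """Scan a constructed web root: one clean page, one with appended markup."""
    clean = '<html><body><script src="js/app.js"></script></body></html>\n'
    added = '<iframe src="http://cdn.example.invalid/x.js" width="0"></iframe>\n'
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "shop"))
        for rel, body in (("index.html", clean), ("shop/index.php", clean + added)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root, {"www.my-website.com"})

if __name__ == "__main__":
    for path, found in demo().items():
        print(path, found)
```

Run it against a downloaded copy of the site and compare flagged files with a known-good backup before editing anything.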
  • LenD
    Also check the <body> tag; you may see some JavaScript that doesn't belong.
  • phptechie
    Hi Paula,

    FYI, ~ denotes your home folder for that FTP user or domain name.

    From the URL, I guess that ~onlinego might denote the /onlinego folder that's available in your FTP.

    So the first thing that you need to do is remove or change that directory name & its associated FTP username.

    Then inform your web hosting provider of this & they would definitely help you fix any loopholes or back-door access to your server.

    In simple, you can NEVER just or anticipate what a hacker is doing or going to do; rather, you can keep your house CLEAN, SAFE & SECURE.

    Instead of investigating, better do things to make your server clean & secure.

    Hope this helps