I've been HACKED!

13 years ago

First things to do in the situations like this would be to contact support and see if they can do anything (it may have been a failure on the hosting side but most probably not). Then you should of course change all the passwords. Actually that password thing should be done first and quickly!

It really sucks to see your own website hacked... :/

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4339481].message }}

John Maddy

13 years ago

Originally Posted by Subsonic

First things to do in the situations like this would be to contact support and see if they can do anything (it may have been a failure on the hosting side but most probably not). Then you should of course change all the passwords. Actually that password thing should be done first and quickly!

It really sucks to see your own website hacked... :/

Nice info man. You really help me a lot

Thanks

Signature

XenForo Plugins | XenForo Templates | Royalty Free Audio | Buy Vectors | Buy eBooks

{{ DiscussionBoard.errors[4374229].message }}

mywebwork

13 years ago

So sorry to hear you were attacked.

You have the right idea - change all your passwords and restore from a known-good backup.

Make sure you have your file permissions set correctly, and create new WordPress security keys from http://api.wordpress.org/secret-key/1.1/ and edit your wp-config file to use them.

You may even wish to re-install using a different MySQL table prefix, if you do you'll need to edit your MySQL backup file to reflect this.

It does indeed suck, but it could have been much worse - at least you were smart enough to have a backup (its amazing how many people don't!).

Best of luck with your site.

Bill

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4339670].message }}

cjt 13 years ago

Thanks Subsonic & mywebwork
- Thanks
{{ DiscussionBoard.errors[4344611].message }}

Jake Gray

13 years ago

Be sure to keep all 3rd party applications UP-TO-DATE!

It's vitally important to keep all software to their newest versions.

It's quite simple to understand actually - Let your host manage your
hosting account while you manage the simplest thing of all - Your things
that you use (such as WordPress, PHPBB, etc).

[ 1 ] Thanks

{{ DiscussionBoard.errors[4344788].message }}

Monitium

13 years ago

To avoid this in the future it is good to have your admin files not named "admin." Also, I have found that most hosts will not do anything about the recent security issues so talking to them has always been a waste of time for me but it I suppose if you have the time, it is worth a shout to them.

Also, if you are talking about wordpress sites, check out a plugin called bulletproof security. It has been helpful to our team.

Sorry this happened - it is never fun.

[ 1 ] Thanks

Signature

Monitium
The Ultimate Wealth Creation System

{{ DiscussionBoard.errors[4344818].message }}

JustFelix

13 years ago

That is pretty scary, you didn't download any freebies on the internet right? A free wordress theme or anything?

[ 1 ] Thanks
1 reply

Signature

Learn How to Make A Website at our Make a Website Tutorial Site

Make 10k-30k a Month By Becoming A Online Merchant For Lazy People!

{{ DiscussionBoard.errors[4344870].message }}

cjt 13 years ago

Originally Posted by JustFelix

That is pretty scary, you didn't download any freebies on the internet right? A free wordress theme or anything?

No justfelix, I'm using a premium theme.
- Thanks
{{ DiscussionBoard.errors[4366294].message }}

Abledragon

13 years ago

Very sorry to hear that, and I can understand how you feel.

In addition to the tips people have given above, also make sure that your machine hasn't been compromised and use SFTP rather than FTP.

More details (and some other tips) here:

http://www.wealthydragon.com/2010/01...ity-wordpress/

Cheers,

Martin.

[ 1 ] Thanks

Signature

WealthyDragon - Earning My Living Online

{{ DiscussionBoard.errors[4345659].message }}

mr141wp

13 years ago

It is a major security concern these days as hackers trying to access websites based on wordpress, joomla and other community platforms.

If you are using WordPress, Joomla, Drupal etc, keep the software package updated all the time and give proper access to the the directories so that they are not open to attack.

[ 1 ] Thanks

{{ DiscussionBoard.errors[4346339].message }}

espe

13 years ago

Im sorry to hear that!

I know how they do it its pretty dumb, I guess you have an old script or you installed it really bad.

they may have found php,asp or aspx files in your server that has /something.php?some_variable=something

they got access to your mySQL server they got the admin MD5 hash, they decrypted it..password is now in their hands and they uploaded a shell (php file with admin permission) and from that point they did whatever they wanted with your website.

check every line in your SQL syntax find possible errors and fix them.

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4358810].message }}

cjt

13 years ago

Originally Posted by espe

Im sorry to hear that!

I know how they do it its pretty dumb, I guess you have an old script or you installed it really bad.

they may have found php,asp or aspx files in your server that has /something.php?code=number

they got access to your mySQL server they got the admin MD5 hash, they decrypted it..password is now in their hands and they uploaded a shell (php file with admin permission) and from that point they did whatever they wanted with your website.

check every line in your mySQL syntax find possible errors and fix them.

Hi espe
If I delete the database and restore a backup from way before the hack on a new database, would this fix what you are talking about?:confused:

Thanks
1 reply

{{ DiscussionBoard.errors[4366310].message }}

espe 13 years ago

Originally Posted by cjt

Hi espe
If I delete the database and restore a backup from way before the hack on a new database, would this fix what you are talking about?:confused:

the problem is not in the database is in the script you are using to handle the information between the user and the database, update it.
- Thanks
{{ DiscussionBoard.errors[4373047].message }}

pmcgrath

13 years ago

hi
just to join in this discussion .i have the utmost sympathy having just discovered that 4 of my sites have been hacked 2 amazon blogs and two affiliate sites these two both domains are due to expire in a few days so cant be bothered to keep them up .
I contacted my host in India and they have been really good restoring the blogs to there former selves.That means when there URL is typed into googles search bar they at least show up ,also have to change the cpannen passwords and the wordpress admin passwords
However it seems like various files on the two blogs where set at 777 which allows access to anyone (i got them built for me) have been told how to change them theres a good gig on fiverr where he fixes the loopholes and restores and gets you a backup file of your site I havelearned the hard way many security lessons but the fact remains that my home schooling site was turned into aporno site by a Turkish hacker and the rest wher hacked by a group of hackers in Asia
regards peter mcgrath

[ 1 ] Thanks
1 reply

Signature

pmcgrath

{{ DiscussionBoard.errors[4359691].message }}

figgity 13 years ago

That happened to me too on one of my Wordpress sites. I feel your pain. Luckily, they only altered my index.php file. I think they must've gotten in through some WP backdoor because I am usu. kinda slow to do the updates. :p
- Thanks
{{ DiscussionBoard.errors[4359757].message }}

ussher

13 years ago

* do you ever upload stuff via wifi?
* Ever login to your account on a http:// (not https:// ) connection in a public place like starbucks or a hotel lobby?
* do you use FTP or SFTP to upload stuff?

If the answer is yes you could be broadcasting your login details to anyone listening.

might not be a hole in your server at all. The user could have logged in with the details you gave out over an insecure connection.

[ 1 ] Thanks

Signature

"Jamroom is a Profile Centric CMS system suitable as a development framework for building entire communities. Highly modular in concept. Suitable for enterprise level development teams or solo freelancers."

- jamroom.net

Download Jamroom free: Download

{{ DiscussionBoard.errors[4360570].message }}

nordend

13 years ago

When the index page has been hacked and changed how do you fix this?

Thanks

Signature

Discover the secret marketing links and discover genuine marketing genius ! click here for secret marketing links

{{ DiscussionBoard.errors[4361163].message }}

viscoa

13 years ago

Sorry about the attack. Hope you recover from it and keep moving forward!

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4361183].message }}

davidstar 13 years ago

You do not trying to fix the existing page. Only use your backup copy and tighten the belt, especially on backdoor access. Use only core FTP program. Start over if you do not have backup.
- Thanks
Signature

Link Building Service at SEOdigy
Link Buiding Service
{{ DiscussionBoard.errors[4362139].message }}

upendraets

13 years ago

Just go to your webmaster tool and remove your URL with URL removal tool . refresh your all content. and resubmit.

Thanks
1 reply

Signature

upvc windows manufacturers in India
UPVC doors

{{ DiscussionBoard.errors[4366864].message }}

Workman

13 years ago

Originally Posted by upendraets

Just go to your webmaster tool and remove your URL with URL removal tool . refresh your all content. and resubmit.

I do not suggest doing this. It will not stop Google from crawling your site and it'll will take longer for your content to refresh.

If you don't want Google or other search engines to see your content while your site and you can fix the problem quickly, I would throw this into your robots.txt in the root of your web directory:

User-agent: *
Disallow: /

This asks search engines NOT to index your pages. I know it's bad enough to ask not to be indexed, but if your site is compromised and a malicious javascript file was uploaded or linked this is an even worse fate and can take much longer to get removed from that blacklist. Not to mention it will scare off any customers you might have once you fix the problem.

If you check the source of your page and see a .js file included somewhere that doesn't look legitimate, I definitely suggest closing it down to search engines until you can rectify the problem.

Be sure to remove those lines from robots.txt once you're confident that the issue has been resolved.

Good luck

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4367707].message }}

Sea1c

13 years ago

I was in the same boat, some jacka** called jago-dz, wish I could find him and have a quiet little word. I guess it is better he did this and advertised it rather than quietly place a malicious code in there some where.(which I guess he may have done as well).

On the of chance he did I completely deleted my sites and re installed everything from my backups on my home server. I changed every password I could find. If you are interested there are a number of password progs out there that will generate a crazy complicated password and store it for you on your PC. A free one is called Keepass. Of course non of that matters if you are broadcasting your password for all to see.

Originally Posted by espe

they got access to your mySQL server they got the admin MD5 hash, they decrypted it..password is now in their hands and they uploaded a shell (php file with admin permission) and from that point they did whatever they wanted with your website.

check every line in your mySQL syntax find possible errors and fix them.

Thanks for that I was curious about how they may have done it.

Anyway, best to be safe rather than sorry, completely clean your sites and re-install from scratch. I am sorry if you do not have any backups, I bet you will from now on eh?

If you can not get to your sites quickly then you should defiantly suggest to the google bot not to browse until you have had a chance to fix things.

Waste of everybodys time, but I guess these losers have nothing else to do with their time, personally I prefer a good book.

Steve C

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[4369763].message }}

cjt 13 years ago

Thanks Steve
I have all backuped up except for one of the hacked blogs. Musted have slipped through the net, not that I have a lot...but thats OK, it wasn't doing much. I'll just scrap that one.
I have deleted everything from the servers and waiting to reinstall the one that I have.
These blogs were on JustHost and I have been reading in some posts they are not the most love hosts around. I have other blogs on HostGator but just thought of spreading them around.
I did get onto JustHost support which they gave me their templated hacking info, what to do etc. but haven't gone back for more support, thought I'd get more info in here...

Could anyone tell me how hard/painful just to move it all back to Hostgator. Domains just need the DNS changed but what about hosting?
- Thanks
{{ DiscussionBoard.errors[4371730].message }}

cardine

13 years ago

Originally Posted by cjt

[*]do I just restore a backup and continue playing..?

Definitely do not do this. There is some sort of security vulnerability in one of the plugins/scripts you are using, so if you restore a backup that vulnerability will still exist and it is very likely you'll get hacked again.

I'd change all of your passwords and upgrade all of your software to it's latest versions.

Could anyone tell me how hard/painful just to move it all back to Hostgator. Domains just need the DNS changed but what about hosting?

A hack like this has nothing to do with what host you are using. Moving to Hostgator will not fix anything. If one of the scripts/plugins you are using has a security vulnerability, it will continue to have a security vulnerability no matter where it is hosted. What is most important is that you upgrade all of your plugins/scripts, as most developers release security patches for their software all the time.

[ 1 ] Thanks

Signature

Automatically Generate Unlimited Unique High Quality SEO Content for ANY Keyword with Article Forge! Sign Up Now for Your 5 Day Free Trial!

{{ DiscussionBoard.errors[4376841].message }}

Abadi339

13 years ago

so sorry..

Thanks

{{ DiscussionBoard.errors[4385321].message }}

Ross Petal

13 years ago

Sorry to hear about the hacking. It is so common nowadays. I've heard of some software you can get to protect your PC or laptop. It was mention in one of the WSO's in here. I'll try and get you the details.

[ 1 ] Thanks

{{ DiscussionBoard.errors[4386109].message }}

masterxm

13 years ago

Choosing the right Password with uppercase and lowercase letters are essencial for not beeing hacked.

And also check your Browser too if its a Phishing Website !

[ 1 ] Thanks

Signature

{{ DiscussionBoard.errors[4386345].message }}

Big Squid

12 years ago

Ugh! I've been hacked a couple times and, truthfully, I'd rather lose my wallet. It's much easier.

People have left some good advice on here, you should follow that. The one thing I'd suggest is check your .htaccess file. Make sure everything is good. It's permissions should be set at 644. Typically, hacked .htaccess files get set to 444.

In addition, you can set up you .htaccess to block unauthorized access, and eliminate directory browsing (that is key). A simple Google search will bring up tons of info on that.

Thanks
1 reply

{{ DiscussionBoard.errors[6925718].message }}

tomfinster

11 years ago

Originally Posted by Big Squid

The one thing I'd suggest is check your .htaccess file. Make sure everything is good. It's permissions should be set at 644. Typically, hacked .htaccess files get set to 444.

Ok, let me see if I am understanding you correctly!? Are you saying that if I set my permissions to 444 instead of 644, then I am increasing my chances of getting hacked? Is this what you are stating? And if not, can you please elaborate?

Many Thanks,
Tom

Thanks

{{ DiscussionBoard.errors[7667439].message }}

campeche10

12 years ago

This is so great information I wish I should have know this before. A few months ago one of my account got hacked and now that i see i will double check all of the information

Thanks

{{ DiscussionBoard.errors[6945062].message }}

rising_sun

Banned 12 years ago

Increase your security or
just read more about security,
It's a matter of sorrow to be hacked .

Thanks

{{ DiscussionBoard.errors[6955694].message }}

joseph01

11 years ago

SOME ADVICES :

-> Change your password every 2 or 3 months (there is no eternal pssword)
-> Don't Install non-trusted Plugins (Wordpress or Joomla)
-> for Non Wordpress sites pay attention to SQL INjection and Directory browsing

Thanks

{{ DiscussionBoard.errors[7668724].message }}

kentooz

11 years ago

What CMS you used? If wordpress try
1. Always update your CMS with new update this is fixed CMS bugs.
2. Do not use plugin except from wordpress.org or use premium plugin in accordance with wordpress new version.
3. HTACCESS must be 644 for permission.
4. Find suspicious script in your webhost.
5. Maybe you need support from your webhosting.
6. Check vulnerable in check vuln online (search in google)

Hopefully this can be the solution for you

Thanks

{{ DiscussionBoard.errors[7669202].message }}

abraham26

11 years ago

You have dedicated or VPS server? Can be hacked another site on VPS or the server itself and then the hacker have access easily to any site from that server.

1. Scan PC with antivirus updated (there are viruses that autoconnect with your FTP program and upload malicious file).
2. Update regularly Wordpress or what CMS you are using.
3. Update plugins and delete unused plugins
4. Update theme
5. Use strong passwords to not be hacked by dictionary attack
6. Use a service that alerts you when something is changed on your code http://sucuri.net/services
7. More security tips related to Wordpress here Hardening WordPress « WordPress Codex

The first rule is to have always backups (there are automated ways to do that).

I was hacked too, i know the feeling

Thanks
1 reply

{{ DiscussionBoard.errors[7669266].message }}

so11 11 years ago

Hello,

the only way to know that everything is clean is to restore from a clean backup or do a comprehensive security audit on your site.

Advices provided here are excellent, but the problem is you still don't know what exactly happened.

My recommendation is :
1.(if possible) restore from a clean backup
2. Scan your website using a free or professional security service
3. Patch up identified vulnerabilities and apply recommendations from the security service.
4. Adopt good security practices

In order to correct the problem you need to identify it first!

good luck
- Thanks
Signature
www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.
{{ DiscussionBoard.errors[7670221].message }}

rockong

11 years ago

I hate hackers! Unless they're working for me then I love their development skills (not their hacking skills lol)

First, contact your hosting company to see if they have backups that they can restore for you. The great hosting companies (shout out to xygenhosting) have these and will perform it for you for free.

If they can, change your cpanel password after and make sure everything is up to date.

If they can't, I wrote down in a .txt file step by step instructions on how to clear out WP files after being hacked. Send me a PM if you would like it.

Thanks

Signature

Are you a SEO company? Make extra money by becoming a white label backlink audits and removals service reseller.

{{ DiscussionBoard.errors[7679446].message }}

IMDESTROYER

Banned 11 years ago

was it a password hack? Im about to launch a site but i don't have a database. Did they hack into your hosting providers servers or did they just get past your password?

Thanks

{{ DiscussionBoard.errors[7682166].message }}

I've been HACKED!

Trending Topics

Been a while! Any of you Old Timers here?

How much does the rebranding affect CR ?

Are billboards still effective in driving customers?

Boat and Jet Ski Rentals...... Door Hangers Effective?

A Very Strange Internet Problem