by 2gts
22 replies
I need your guys help...

My site is continuously getting hacked.

The hackers are getting in and changing the home page to redirect to this

anadian-discount-pharmacy- removed the com

I noticed it this morning, got rid of it, changed my password, uninstalled FileZilla.... then 15 minutes later my traffic was getting redirected again!

I have Avast on my computer, it shows no viruses. (Although I'm running a Mac with Windows and only have it on my Windows side, not sure if this matters?)

Anyone have suggestions? This is killing my business, we've lost thousands because of it.. it's been going on and off for over a month.
#hacked
  • Amber Lamps
    what's your domain? let me take a look..
  • Flipfilter
    Hi - I feel your pain!

    1st thing to do is install and run Malwarebytes Anti Malware, and post the scan results.
    Most virus checkers struggle with malware.
    • TinkBD
      I ran into this about a year ago... I checked both computers with just about everything under the sun... couldn't find the problem.

      Eventually my computer guy suggested we wipe the laptop and reinstall Windows. I used just the clean laptop for about 9-10 months, and periodically tested the desktop with a throwaway domain.

      I have moved back to the desktop and all is well, so I think the original prob was the laptop...

      Now, you may ask... Tink, what's your point?

      Well, neither the laptop nor the desktop showed any problems... I was running ZA, Malware Bytes, AdAware, and Spybot Search and Destroy...

      My point (finally!) being that you can have a problem on the computer and you may not be able to find it!

      Tink
  • Gary King
    Change the password on your hosting account.

    Contact them to see if there are any issues with sites on the same server as yours.

    Make sure, if you are using WordPress, that you have a strong password on your admin account.

    There's more, but start there... hope it helps.

    Gary
  • tbunch
    What type of site are you using? Is it a blog or static html? It seems you know what they are doing so you just need to block them from doing it. That may be 1 of a number of things but it depends on what type of site.
  • nebraska
    Check the permissions on your index.php file and root directory too. If they have any write capabilities then it's not too hard to sneak an index.html file to do what you want.
  • Dennis Gaskill
    1. Contact your host and find out the maximum number of characters you can use in your password and if you can use special characters. Then create a password that uses the maximum number of characters, use upper and lower case letters and numbers, and special characters if they are allowed. A good password looks something like this: s8&dC39)j$D^n

    2. Go into your control panel and disable anonymous FTP. Most hosts have this enabled by default.

    3. The host could have planted a backdoor the first time in. You'll have to go through all your folders and pages and look for anything that doesn't belong there - scripts, code, etc.

    4. Uninstall any recent scripts or open source software you recently installed; that's often the point of entry. Make sure everything you use is up to date; for example, if you use WordPress make sure you have the latest version. I'd also recommend getting Jim Stein's (TheRichJerkNet) product for locking down WordPress.

    Who is your host? Some hosts are hacked a lot more often than others because they don't install security upgrades in a timely fashion or they're just not as knowledgeable as others.
  • Dave d
    I had that problem once on a shared hosting account with HostGator, and when one site got hacked the whole lot went down, so I switched to a reseller package. HostGator were amazing in sorting all of this out and they change my password every now and then to keep everything ticking over, and I never had any problems since.
    • 2gts
      Thanks guys, lots of great responses.

      So the domain is 2girls teach sex com/new

      It's where I originally started testing for this business. So the majority of the traffic was going to that URL.

      About a month ago sales slowed, and after doing all sorts of things to figure out why, we finally saw a script buried in one of the pages (in the /new that I was testing). We deleted the script, but it kept coming back... so I just put in a PHP redirect as the index in the /new folder to redirect traffic to another domain. For a while this was good, but now the hackers are aggressively uploading their own redirect to take our traffic and put it to their pharmacy site. Which sucks because we have lots of media buys pointing to that domain which we can't easily change.

      We're hosted with wwkiosk.com

      For the password, I just changed it to something like #@dsa#@d631:"

      In 15 minutes the hackers were back in.

      As far as deleting all files on computers isn't really an option, because of multiple people who log in.

      Thoughts?
      • Sara Young
        Yeah, I have experience with this kind of thing as well, unfortunately.

        Once they have a backdoor into your site it is hard to remove it unless you know what you're doing.

        Get a techie to look at your site so they can find the backdoor and remove it.

        Also make sure that all the scripts you are using are secure and up-to-date. Make sure stuff like Apache, PHP, WordPress, or whatever else you are using is up-to-date as well. And remove any script that you don't need on your server.

        Hope that helps...
  • Janet Sawyer
    You've lost thousands because of it...... and it's been going on for a month.

    Dude if it's that profitable, pay someone with the right knowledge to sort it out for you. Penny pinching or just exaggerating!
    • 2gts
      I'm open to recommendations... If anyone has used good people in the past to solve this, I would love to hear it.
  • Damz
    Hello 2gts,
    I faced the same situation 2 years back: a hacker got access to my site and was continuously changing my AdSense ID to his. I changed the hosting password and did whatever I could. Nothing happened.

    So finally I downloaded all my files from the web host to my PC using FTP and scanned them using Kaspersky Internet Security. Yes, the hacker had uploaded some viruses/malware to my site to gain access.

    So download all files to your PC and virus scan them, and re-upload again with a new hosting password. That's what I did.
  • aandersen
    Yes, I completely agree with Damz. I would do this first thing,
    and change your database passwords as well.

    I would also make sure you do all this from a PC that you know is clean, because if there is a keylogger on your system you are just going to be giving your pw right back to them.
    • 2gts
      Thanks for all your replies,

      The hacker was removed, here's how it went down.

      The hacker had gotten the FTP password from a virus that finds your stored passwords from FileZilla.

      Once he got the password, he uploaded a remote access script to the server.

      It had been there for a while, and to monetize, he was changing my redirects to his fake pharmacy site.

      To find and get rid of him, all I had to do was a search for PHP files in the file manager, download them, and look at the code.

      While looking at the code on these scripts, it was obvious which was the hack. The script said, "this script will grant remote access".

      Once found, I just changed the password and deleted it.

      He's been gone since.

      So thanks for all your replies, this was a big help in solving the problem and I hope this thread helps others in the future.
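The manual search described in the post above (list the PHP files in a downloaded copy of the site, then read them), together with the permission check suggested earlier in the thread, can be narrowed down with a short scanner. This is an added example, not part of the original thread; the marker patterns, the 30-day window and the sample files in `demo()` are assumptions, and a hit only means the file deserves to be read by hand.

```python
import os, re, stat, sys, tempfile, time
from pathlib import Path

# Heuristic markers (assumptions of this example, expect false positives):
# constructs that are rare in ordinary site code and common in PHP backdoors.
SUSPICIOUS = {
    "eval of decoded data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)", re.I),
    "request data executed": re.compile(rb"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_EXT = (".php", ".phtml", ".php5", ".inc")

def scan_webroot(root, recent_days=30, now=None):
    """Return {relative_path: [reasons]} for PHP files worth reading by hand."""
    now = time.time() if now is None else now
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            reasons = []
            if st.st_mode & stat.S_IWOTH:  # 666/777: any account on the server can rewrite it
                reasons.append("world-writable")
            if now - st.st_mtime < recent_days * 86400:
                reasons.append("recently modified")
            body = Path(path).read_bytes()
            reasons += [why for why, rx in SUSPICIOUS.items() if rx.search(body)]
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    root = tempfile.mkdtemp()
    old = time.time() - 400 * 86400
    samples = {  # constructed sample files; the encoded string is just "echo 1;"
        "index.php": b"<?php echo 'hello'; ?>",
        "cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    for name, body in samples.items():
        path = os.path.join(root, name)
        Path(path).write_bytes(body)
        os.chmod(path, 0o644)
        os.utime(path, (old, old))  # backdate so only the content check fires
    return scan_webroot(root)

if __name__ == "__main__":
    result = scan_webroot(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, reasons in sorted(result.items()):
        print(rel + ": " + ", ".join(reasons))
```

Run it against a local copy of the site, from a machine known to be clean; a file that shows no hits is not thereby proven safe.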
  • SEMwinners
    glad you got it sorted out. So is FileZilla dangerous to use? Crumbs, I like it....
  • spearce000
    Yes, I've had this problem too. One of my sites kept getting hacked by someone installing (literally) hundreds of hidden links to an Iranian college in London. My data logs showed an IP address in China seemed to be responsible by installing a malicious PHP script that implanted these links. They were everywhere: home pages, blog templates, even password protected areas like download pages. I tried changing passwords, made sure none of the pages had 777 permissions and so on, but nothing deterred the hackers. As soon as I deleted the links, they would be put back again. The sites were hosted on a VPS, so I can only think whoever was responsible for this was getting in via some kind of backdoor from another account on the same server. My hosting company wasn't a lot of help, so in the end I had no alternative but to move to another server and provider. It was a lot of hassle, but I was getting desperate. If this is happening to you, this might be your only solution.
  • Courage
    I had this same problem earlier this year.
    Try mailing your hosting provider and tell them what's going on - they can help you.
    Mine told me to scan my PC with Malwarebytes Anti Malware.

    It found a lot of viruses other scanners didn't find. And since then I haven't had any more hacking problems.