All my sites have been HIJACKED

Have we learned anything?

Keep backups, use strong passwords, login only with SSH, upload only with SFTP?

SSH ? SFTP ?

Can you eloborate
cdarlock

There was a linux exploit announced exactly 1 week ago - during the past week, an unknown number of servers have been hacked, and who knows how many sites have been defaced or taken down.

But, its your responsibility to backup your sites.

I think you should try contacting the companies. You can show them your bank records, as they should have records of your payments over the last 18 months. I'm sure they do. Check this out

You have to contact your hosting company and see what kind, if any backups they have.

Yes!

Congrats, it sucks to get hacked without any backups. Glad to hear you've got some.

Normally, yes. This depends on the nature of your websites whether you can recover "easily" or not. If your sites are wordpress or joomla, for example, you also have databases to worry about. May not be the case if they are just "flat" files (HTML or php usually). Before deleting the "root" content of a particular domain, try uploading your backups to a test folder (for instance, so you can browse to it and view at domain.com/test ) . This is a pretty ok way to see if your backup files might be enough. Hope this gets you started.
Now: side-note: new G*da**y Linux hosting plans (and reseller clones such as myself) keep a 30 day rolling backup (nightly) of files on hosting account. Recovery/rollback is fairly easy and provided right inside the control center as often as needed, no charge. Not a bad feature, almost makes the slowness nearly worthwhile lol. Good luck!

call them and have them do a rollback. its happened to me before and its an easy fix.

When you get your site uploaded, look at the file permissions. In particular, look for any files with chmod 777. On a shared hosting account this is like leaving the back door unlocked for hackers. Consider changing them to 755 or 744. The site explains the subject in detail: Changing File Permissions WordPress Codex

I was once a midphase customer... NEVER AGAIN!

Check out a few hosts I am happy with at Top 3 Webhosting Companies - I am still a customer with all 3 of them!

Be Well!
ECS Dave

It's not always something on your sites that causes the problem...

It can be your computer... Make sure you load it up with a good anti virus.

Biggest Mistake: Using Windows Defender.

I ruined 20 Websites, lost thousands of dollars in reports..

And I bounced back.. .a much smarter person

Caleb

Glad you've restored all your contents back. What I know is you can reinstall with better security solution. You just need to contact your service provider and tell them what you want to do on your sites.

Don't forget to back up starting today.

I was a midphase customer 3 years ago when I first started out...first site was hacked in a matter of weeks, from someone in Europe ( I was able to trace the idiot).

Midphase advised me not to give out my password to people!..I proceeded to tell them they are idiots with lousy security and closed the account. Hostgator is the only one for me know.

I now have my own VPS after the same thing happened to me. It is the only way to completely control what goes in and out of your system. My home computer is the only one with the encryption key to access the server and it is firewalled and locked down after what happened before.

I lost a forum with over 2000 members, 100 of them were paying members...

Thatz the only reason, we have strong passwords and lots of backup plans carried out for each and every single account

Cdarklock has given great info, appreciated

I would advice talking to your hosting company, thou there might be little you can achieve but no harm.

Bummer to hear this man!

I've been way to lax on not using ssh and sftp, I will be totally be using this from now on!

What is the best way to back up all your data on sites? I have seen plugins that do this but I see there are a lot of experienced people here and was wondering if some of you would be able to tell us what you do for your back ups and how often you do them?

Is there a way to do this through a network storage device that is home based?

Really sorry to hear that, i definitely would start by changing my password(s) pronto and I usually keep backups of all sites i put out there.

Former Midphase customer as well.

well this discussion scared me enough to go make some fresh backups...

Yeesh that's bad.

If you were in the UK I would say ... host with these guys -> cPanel Hosting, Domain Name Registration, Virtual and Dedicated Servers - Vidahost Fast UK Web Hosting

Because:

a) They have R1Soft Backup Software operating on all their servers and all their accounts. This means you can get EVERYTHING back should the worst ever happen.

b) They're hot on security.

c) They take care of everything and look after their servers. They don't oversell either. When a server is running at optimum number of websites they invest in new high end servers.

But I guess you're US based?

If you use Joomla for your sites, I can highly recommend the free, open source extension Akeeba Backup. It really makes backing up joomla sites (files and databases) and restoring them a breeze. Still looking for an equally good plugin for Wordpress.

Oh really sorry man. I must say I never really bordered with backing up my sites and all that security stuff because I always thought why would a hacker go after my little and good looking or average looking sites rather the big fine and marvelous looking sites.
But after reading this I think I have start to think twice and will do a full day to day back up so that I don't get to come here and announce to you guys my own bad news.

So Mike,

Did your hosting company help? I'm hoping you've gotten things sorted out and are taking your own backups in addition to whatever they are doing?

It's easy after a recovery to say, ok, I gotta start doing backups and then life steps in and you don't get to it.

If the hosting company can't help with any kind of backup to restore for you, you may consider seeing if you can scrape some of your own content from archive.org.

Go here:
Internet Archive: Digital Library of Free Books, Movies, Music & Wayback Machine

(not an affiliate link of any kind)

Enter your web site address in the box that says "Way Back Machine".

They are basically an indexer - kinda like a search engine, but they keep copies of sites as they change. The last date displayed for a site is the one to click... you could view the source, copy it off and re-create the html anyway... if graphics are shown, you can right-click and save them.

If it was a wordpress or other cms install, it may not help as much, but you could perhaps copy/paste the text from the posts at least.

Hope it helps.

Gary

Man, what a kick in the n*ts. I always keep a local backup of every site I upload. Sounds good that you have your content, but even then it's not a walk but better than nothing. I recommend an easy plugin for WP if they are WP sites like Backup Buddy and the new Wp Twin. Makes complete backups and restores of WP site flawless.

I didn't realize hacking could be a problem. I'll definitely keep backups from now on. I feel for you Mike. Thank you for sharing and seeking advice here. I think it's made a few of us think twice about something we hadn't thought about at all.

Linda

Hello

I just hate all these criminals destroying the internet and our hard work.
This is what just happened to our WP-site...hosted at HG for years.

We recently decided to scan our website, and we realized, that the WP-template we used, had malicious virus planted there, even before we downloaded it ...so I deleted it... and yes, we did have backups. (this was our research-work for passed 3 yrs, with hardly any traffic)

We decided to move the domain and start fresh with a host closer to home, Sweden, and this is when my domain gets hijacked, when unlocking it for transfer to the new webhotel.

Transfer failed and I had to annulate the order completely and it is now parked and locked at the registrar. (and Yes it is paid for)

When googling my domain-name: biochromalab.com it is redirected to an obscure site.

I looked them up...and they specialize in hijacking domains... they are the infamous "searchdiscovered.com" hosted at ztomy.com.

They operate under several names, and they have stolen sites and domains since 2007. How to report them?

I want my domain back!! But don't know how or where to turn.
Please, does anyone know what I can do?

Email your host and ask them if they have a backup, if yes, ask them to restore your files.

I had uninstalled wp on my blog accidentally once and didn't have backups. Someone here suggested I ask my host (host monster) I did and they restored everything the next day, though i lost only a few posts whcih was no big deal.

After that, I realized the importance of backups, now I have automatic backups weekly sent to my email.

I really hope you get your sites back. It must be a horrible feeling. I am really sorry.

Thanks for your reply,

Yes, hopefully there are legal actions to take ...but where?

It is outrageous that those criminals at ztomy.com aren't black-listed, taken to court and sentenced. They have ruined so many ppl.

As for the site at HG, I simply deleted it, and cancelled the hosting of it, as the WPtemplate was too contaminated and I want to start with a "clean sheet".

And I got another domain ext. as well. But I still want my .com back! (it is now locked and parked).

Today, when googling biochromalab.com I did land on the proper registrar site.

How can I check the domain text-code... to find and eliminate hacked strings inserted there, since clicking on domain-link at the registrars landing site does not allow me to edit in the said text-code.

Is there a solution to make it editable?
Or is there a way to scan your domain-name?
I am not a wizard in this problematic field and I am greatful for help!

Thanks in advance
Helen

Damn. I should take backup of my websites and blogs too....soon.

Yeah most hosts will back your site up for a small fee. I run my back ups for all my hosting clients Mon Wed Fri. Sounds like you need to change your host.

If you are on a shared account they should be protecting some of your stuff from getting hacked. Change your passwords and check your scripts for any permissions problems. Also update all of you scripts like Wordpress and the plugins as well.

Peace
Shane

Find a hosting company that takes backups and security seriously!
As an online marketer myself, I know how important backups are and how quickly an entire server can be wiped out.

That's why our servers have a super high data protection setup.
Not only are our servers protected with CDP, but take full advantage of a raid-10 disk configuration.

We are now at our new host, starting fresh!

I will take the advices in previous posts and install all the security measures mentioned. (Host makes daily backups too)

Thanks a lot, all of you, for excellent advice!

This forum is the best there is.
I am glad to be a member of such a splendid community.

Most of the issues can be overcome very easily.

1) make sure you password is secure. try https://www.grc.com/password.htm for strings

2) make sure your software is backed up. You can schedule a backup in CPanel to a folder for

ex. http://www(.)mydomain(.)/random252350-rtgt34t/

and you can then download your completed backups from this folder.

3) Make sure your softwae is upto date. Eg) Most defaces are exploits that are discovered and fixed with updates that stay vulnerable because no updates are done

wordpress is well known for defaces as most people dont know updates are needed. Just like anti virus needs to be updated and recent - so do your web based scripts

4) Limit the number of AddOns you use on one domain - and if that is your choice make sure the root (primary domian) has a 24 character password.

Eg) On an unlimited domain account like all hosters supply the root is breached the entire estate is vulnerable.

Options include a hosting package that offers WHM so you can create seperate container accounts to limit security threats

5) Run Anti virus / Malware software to limit vulerablilty to keyloggers and other trojans that can steal data

6) Update your browsers to ensure vulnerabilities are closed

DaveWebSmith

Oh my! I'm so sorry. What hosting company were you using. I have all of these security plugins set up with wordpress. I don't know how on earth people can actually hack into a website, but they do.

Google - SQL Injection as an example

Like the "Jaibreak" on Iphone - so Apple release the update so the hackers find the vulnerabilities and so on ...

Wordpress is open source. That means anyone can access the code. You add plugins - who wrote them - do they create new vulnerabilities / Yes / No

Its a game of cat and mouse ... keep your wordpress updated (you can do this in the admin area and backups and you will be fine.

DaveWebSmith

Just a short update-message,
My domain .com is now redirected to our new site.
The old one was spread like a virus to all sorts of sites not belonging to us.

We skipped WP and made a Joomla site and it is now so "heavily garded", we almost can't get in ourselves, lol.

Correction: in one of my previous post, I meant start from a "clean slate" not a clean sheet, (I asume we all have that) well, well, we foreigners might be excused... you never know what we come up with, lol.

Contact your hosting providers, they will be able to help you.

Has anyone ever heard of, or used, sitelock? I have the option of getting it on my account at hostgator, but I am unsure if I even need it.

I did contact Hostgator and they said that Namecheap and GoDaddy are using my domains as ad space. Seems it's all ok, nothing wrong there.

Thanks for the reminder guys - making a complete backup NOW!

Backup everything and anything. If its wordpress sites, its very easy.

What did your web hosting provider have to say about it? Did you contact them for support?

Contact your host.. or is it to late?