All my sites have been HIJACKED

by 74 replies
93
Hi All

I would appreciate any help, I have had everyone of my websites hacked, 18 months of toil and around 100 websites all gone, and from what Ive been reading on yahoo answers etc, there is not a darn thing I can do about it.
Any help much appreciated.

Best Mike.
#main internet marketing discussion forum #hijacked #sites
  • Have we learned anything?

    Keep backups, use strong passwords, login only with SSH, upload only with SFTP?
  • SSH ? SFTP ?

    Can you eloborate
    cdarlock
    • [2] replies
    • Where were they hosted at?
      • [1] reply
    • If you use a shell login to your account, or you transfer files with an FTP program, make sure you're using an encrypted connection to the server. Base-level telnet and FTP send your username and password "in the clear," and anyone on the network might see them.

      If you do everything through your control panel, make sure it's with an https: connection and not basic http: when you log in.

      If you log into a shell, make sure it's over SSH. Most telnet clients support SSH, if you configure the service and port number. The normal port for this service is 22.

      If you use an FTP program, make sure you use SFTP. Again, most FTP clients support this protocol. This service also usually operates on port 22.

      If you can't connect to the service on port 22, contact your host and ask if it's on another port. Many hosts will put the SSH/SFTP service on a different port so it's harder for hackers to find.

      My own server used to receive several hundred hack attempts every hour when SSH was on port 22. I moved it to a different port, and the hack efforts stopped almost completely. Now I get a couple dozen a month, at most.

      It doesn't matter how small and unimportant you might be, people are trying to hack your server.
      • [ 14 ] Thanks
      • [1] reply
  • There was a linux exploit announced exactly 1 week ago - during the past week, an unknown number of servers have been hacked, and who knows how many sites have been defaced or taken down.

    But, its your responsibility to backup your sites.
  • Banned
    I think you should try contacting the companies. You can show them your bank records, as they should have records of your payments over the last 18 months. I'm sure they do. Check this out
    • [1] reply
    • Thanks Man your Idea helping me a lot
  • You have to contact your hosting company and see what kind, if any backups they have.
    • [1] reply
    • have contacted my hosting company waiting on reply. I have some back up on some sites, but probably not the ones I want to retrieve

      nelson
      contact the companies ? most of my sites were costume sites geared up for Halloween, affiliated to buy costumes in the U.S. so what could I do here ?

      Mike.

      Hi All again

      I have all my content backed up for my sites, can I just delete the sites and re-install with better secuirty etc ?

      Mike.
  • Yes!

    Congrats, it sucks to get hacked without any backups. Glad to hear you've got some.
    • [ 1 ] Thanks
    • [1] reply
    • CD
      Youv`e taken great time to help a FOOL thanks man.

      Mike.

      thanks for input, and to all you guys who tooki time to answer a rookie,WF rocks.
      mike.
  • Normally, yes. This depends on the nature of your websites whether you can recover "easily" or not. If your sites are wordpress or joomla, for example, you also have databases to worry about. May not be the case if they are just "flat" files (HTML or php usually). Before deleting the "root" content of a particular domain, try uploading your backups to a test folder (for instance, so you can browse to it and view at domain.com/test ) . This is a pretty ok way to see if your backup files might be enough. Hope this gets you started.
    Now: side-note: new G*da**y Linux hosting plans (and reseller clones such as myself) keep a 30 day rolling backup (nightly) of files on hosting account. Recovery/rollback is fairly easy and provided right inside the control center as often as needed, no charge. Not a bad feature, almost makes the slowness nearly worthwhile lol. Good luck!
    • [ 1 ] Thanks
  • call them and have them do a rollback. its happened to me before and its an easy fix.
    • [ 1 ] Thanks
    • [2] replies
    • Keeping back ups is the best thing you can do, and make them redundant backups. Save on thumb drives, DVDs and online drives because its not just hackers that can get you. Mother nature can be really nasty..

      But if you are over the barrel and there's someone pickin' a banjo and it seems to be a bad rendition of deliverance.. well don't worry..

      If your lucky, really lucky and you've had your site for awhile sometimes you can get most of your posts and what not from
      Internet Archive: Wayback Machine

      Its not a total fix, not like having backups would be but sometimes it can be a fail safe!
    • have asked for this lets see what happens

      ta mike

      nope nothing there on the few I tried, the sites I want back are only a few months old and the ones I have tired on the wayback machine produced no results.

      will have a look at that

      thats a killer dan, the wrenched gut feeling I had must have been a whole lot worse for you, ouch

      yeah have started to build manually but what a pain, been using spread sheet for passwords, but I think passwords is not the problem, as CD says its probaly been hacked through my FTP. As he says this is availble to view for anyone using the sh1t as me.

      been using same anti virus and adware for 18 months anmd never been hacked
  • When you get your site uploaded, look at the file permissions. In particular, look for any files with chmod 777. On a shared hosting account this is like leaving the back door unlocked for hackers. Consider changing them to 755 or 744. The site explains the subject in detail: Changing File Permissions WordPress Codex
    • [1] reply
    • Gosh, you guys are talking UNIX

      There are some excellent secure shell connections. If nothing, download CygWin.

      Secure shell can also be used if you have PUTTY though I have never tried to do any of these for my web hopsting company (hostgator). But in general, yes, these are some of the best ways to go. And yes chmod is also a good option - I would prefer 744 over 755.
  • I was once a midphase customer... NEVER AGAIN!

    Check out a few hosts I am happy with at Top 3 Webhosting Companies - I am still a customer with all 3 of them!

    Be Well!
    ECS Dave
    • [2] replies
    • File permissions are definitely the bane of WP installs. Well that and there weekly exploit.
    • I have had this happen in the past. Now, I hope that you have been keeping up to date backups of your own sites. If not, then you should try and contact your hosting company. I know some of them actually backup their customers sites every day to every week depending on the hosting company.

      And I know it's a pain, but update your passwords. Make them long and confusing. Yes, I realize that it's hard to keep remembering all these things (there are days I am so grateful for password retrieval/resets it's not even funny) But you could always keep a spreadsheet with all your login information. Then for added protection zip it up and password protect that or name it something random on your computer (not passwords.xlsx or something easy to find for anyone else)
  • It's not always something on your sites that causes the problem...

    It can be your computer... Make sure you load it up with a good anti virus.

    Biggest Mistake: Using Windows Defender.

    I ruined 20 Websites, lost thousands of dollars in reports..

    And I bounced back.. .a much smarter person

    Caleb
  • Glad you've restored all your contents back. What I know is you can reinstall with better security solution. You just need to contact your service provider and tell them what you want to do on your sites.

    Don't forget to back up starting today.
  • I was a midphase customer 3 years ago when I first started out...first site was hacked in a matter of weeks, from someone in Europe ( I was able to trace the idiot).

    Midphase advised me not to give out my password to people!..I proceeded to tell them they are idiots with lousy security and closed the account. Hostgator is the only one for me know.
  • I now have my own VPS after the same thing happened to me. It is the only way to completely control what goes in and out of your system. My home computer is the only one with the encryption key to access the server and it is firewalled and locked down after what happened before.

    I lost a forum with over 2000 members, 100 of them were paying members...
  • Thatz the only reason, we have strong passwords and lots of backup plans carried out for each and every single account

    Cdarklock has given great info, appreciated
  • I would advice talking to your hosting company, thou there might be little you can achieve but no harm.
  • Bummer to hear this man!

    I've been way to lax on not using ssh and sftp, I will be totally be using this from now on!
    • [1] reply
    • I would try talking to the posting company,that is horrible to hear and is something i would not wish uppon my worse enemie.Very sorry to hear that.
  • What is the best way to back up all your data on sites? I have seen plugins that do this but I see there are a lot of experienced people here and was wondering if some of you would be able to tell us what you do for your back ups and how often you do them?

    Is there a way to do this through a network storage device that is home based?
    • [1] reply
    • I have also lost entire websites previously but I now utilize a website backup and clone software namely; WP Twin for the best solution for Wordpress blog backups. You can back up your websites simply with a couple clicks to any storage device to include Amazon s3 for inexpensive online storage space.

      Also check with "Tamer" on the WorriorForm for a $17 dollar script that runs with WP Twin for an automatic backup script to ensure you will never experience your pain again! Ha
  • Really sorry to hear that, i definitely would start by changing my password(s) pronto and I usually keep backups of all sites i put out there.
  • Former Midphase customer as well.
  • well this discussion scared me enough to go make some fresh backups...
    • [1] reply
    • That's sad to hear. I'd say HTML websites are just as vulnerable as WordPress sites, but if you do have a WordPress site take steps to secure it by changing file permissions like spearce000 said, and install backup and security plugins:
      WordPress Backup & Security Plugins

      WordPress Database Backup       -

      Secure WordPress       -

      WordPress Firewall -
      • [ 3 ] Thanks
      • [1] reply
  • Yeesh that's bad.

    If you were in the UK I would say ... host with these guys -> cPanel Hosting, Domain Name Registration, Virtual and Dedicated Servers - Vidahost Fast UK Web Hosting

    Because:

    a) They have R1Soft Backup Software operating on all their servers and all their accounts. This means you can get EVERYTHING back should the worst ever happen.

    b) They're hot on security.

    c) They take care of everything and look after their servers. They don't oversell either. When a server is running at optimum number of websites they invest in new high end servers.

    But I guess you're US based?
    • [ 1 ] Thanks
    • [1] reply
    • No I live in the uk, just been hacked again, so will give this a look

      Thanks Mike
      • [3] replies
  • If you use Joomla for your sites, I can highly recommend the free, open source extension Akeeba Backup. It really makes backing up joomla sites (files and databases) and restoring them a breeze. Still looking for an equally good plugin for Wordpress.
  • Oh really sorry man. I must say I never really bordered with backing up my sites and all that security stuff because I always thought why would a hacker go after my little and good looking or average looking sites rather the big fine and marvelous looking sites.
    But after reading this I think I have start to think twice and will do a full day to day back up so that I don't get to come here and announce to you guys my own bad news.
  • So Mike,

    Did your hosting company help? I'm hoping you've gotten things sorted out and are taking your own backups in addition to whatever they are doing?

    It's easy after a recovery to say, ok, I gotta start doing backups and then life steps in and you don't get to it.

    If the hosting company can't help with any kind of backup to restore for you, you may consider seeing if you can scrape some of your own content from archive.org.

    Go here:
    Internet Archive: Digital Library of Free Books, Movies, Music & Wayback Machine

    (not an affiliate link of any kind)

    Enter your web site address in the box that says "Way Back Machine".

    They are basically an indexer - kinda like a search engine, but they keep copies of sites as they change. The last date displayed for a site is the one to click... you could view the source, copy it off and re-create the html anyway... if graphics are shown, you can right-click and save them.

    If it was a wordpress or other cms install, it may not help as much, but you could perhaps copy/paste the text from the posts at least.

    Hope it helps.

    Gary
  • Man, what a kick in the n*ts. I always keep a local backup of every site I upload. Sounds good that you have your content, but even then it's not a walk but better than nothing. I recommend an easy plugin for WP if they are WP sites like Backup Buddy and the new Wp Twin. Makes complete backups and restores of WP site flawless.


    • [1] reply
    • That sucks big time man. I had a couple of my forums hacked off my websites but that was about it. Maybe there is some kind of legal action you can take?
  • I didn't realize hacking could be a problem. I'll definitely keep backups from now on. I feel for you Mike. Thank you for sharing and seeking advice here. I think it's made a few of us think twice about something we hadn't thought about at all.

    Linda
  • Hello

    I just hate all these criminals destroying the internet and our hard work.
    This is what just happened to our WP-site...hosted at HG for years.

    We recently decided to scan our website, and we realized, that the WP-template we used, had malicious virus planted there, even before we downloaded it ...so I deleted it... and yes, we did have backups. (this was our research-work for passed 3 yrs, with hardly any traffic)

    We decided to move the domain and start fresh with a host closer to home, Sweden, and this is when my domain gets hijacked, when unlocking it for transfer to the new webhotel.

    Transfer failed and I had to annulate the order completely and it is now parked and locked at the registrar. (and Yes it is paid for)

    When googling my domain-name: biochromalab.com it is redirected to an obscure site.

    I looked them up...and they specialize in hijacking domains... they are the infamous "searchdiscovered.com" hosted at ztomy.com.

    They operate under several names, and they have stolen sites and domains since 2007. How to report them?

    I want my domain back!! But don't know how or where to turn.
    Please, does anyone know what I can do?
    • [1] reply
  • Email your host and ask them if they have a backup, if yes, ask them to restore your files.

    I had uninstalled wp on my blog accidentally once and didn't have backups. Someone here suggested I ask my host (host monster) I did and they restored everything the next day, though i lost only a few posts whcih was no big deal.

    After that, I realized the importance of backups, now I have automatic backups weekly sent to my email.

    I really hope you get your sites back. It must be a horrible feeling. I am really sorry.
  • Thanks for your reply,

    Yes, hopefully there are legal actions to take ...but where?

    It is outrageous that those criminals at ztomy.com aren't black-listed, taken to court and sentenced. They have ruined so many ppl.

    As for the site at HG, I simply deleted it, and cancelled the hosting of it, as the WPtemplate was too contaminated and I want to start with a "clean sheet".

    And I got another domain ext. as well. But I still want my .com back! (it is now locked and parked).

    Today, when googling biochromalab.com I did land on the proper registrar site.

    How can I check the domain text-code... to find and eliminate hacked strings inserted there, since clicking on domain-link at the registrars landing site does not allow me to edit in the said text-code.

    Is there a solution to make it editable?
    Or is there a way to scan your domain-name?
    I am not a wizard in this problematic field and I am greatful for help!

    Thanks in advance
    Helen
  • Damn. I should take backup of my websites and blogs too....soon.
  • Yeah most hosts will back your site up for a small fee. I run my back ups for all my hosting clients Mon Wed Fri. Sounds like you need to change your host.

    If you are on a shared account they should be protecting some of your stuff from getting hacked. Change your passwords and check your scripts for any permissions problems. Also update all of you scripts like Wordpress and the plugins as well.

    Peace
    Shane
    • [1] reply
    • Thanks for these. Just put them up.
  • Find a hosting company that takes backups and security seriously!
    As an online marketer myself, I know how important backups are and how quickly an entire server can be wiped out.

    That's why our servers have a super high data protection setup.
    Not only are our servers protected with CDP, but take full advantage of a raid-10 disk configuration.
  • We are now at our new host, starting fresh!

    I will take the advices in previous posts and install all the security measures mentioned. (Host makes daily backups too)

    Thanks a lot, all of you, for excellent advice!

    This forum is the best there is.
    I am glad to be a member of such a splendid community.
  • Most of the issues can be overcome very easily.

    1) make sure you password is secure. try https://www.grc.com/password.htm for strings

    2) make sure your software is backed up. You can schedule a backup in CPanel to a folder for

    ex.

    and you can then download your completed backups from this folder.

    3) Make sure your softwae is upto date. Eg) Most defaces are exploits that are discovered and fixed with updates that stay vulnerable because no updates are done

    wordpress is well known for defaces as most people dont know updates are needed. Just like anti virus needs to be updated and recent - so do your web based scripts

    4) Limit the number of AddOns you use on one domain - and if that is your choice make sure the root (primary domian) has a 24 character password.

    Eg) On an unlimited domain account like all hosters supply the root is breached the entire estate is vulnerable.

    Options include a hosting package that offers WHM so you can create seperate container accounts to limit security threats

    5) Run Anti virus / Malware software to limit vulerablilty to keyloggers and other trojans that can steal data

    6) Update your browsers to ensure vulnerabilities are closed

    DaveWebSmith
  • Oh my! I'm so sorry. What hosting company were you using. I have all of these security plugins set up with wordpress. I don't know how on earth people can actually hack into a website, but they do.
  • Google - SQL Injection as an example

    Like the "Jaibreak" on Iphone - so Apple release the update so the hackers find the vulnerabilities and so on ...

    Wordpress is open source. That means anyone can access the code. You add plugins - who wrote them - do they create new vulnerabilities / Yes / No

    Its a game of cat and mouse ... keep your wordpress updated (you can do this in the admin area and backups and you will be fine.

    DaveWebSmith
  • Just a short update-message,
    My domain .com is now redirected to our new site.
    The old one was spread like a virus to all sorts of sites not belonging to us.

    We skipped WP and made a Joomla site and it is now so "heavily garded", we almost can't get in ourselves, lol.

    Correction: in one of my previous post, I meant start from a "clean slate" not a clean sheet, (I asume we all have that) well, well, we foreigners might be excused... you never know what we come up with, lol.
    • [1] reply
    • I have domains registered with GoDaddy and Namecheap. I was using Justhost for hosting for a year but renewed with Hostgator last month. Most of them were just domains and I had not started building sites on them yet. A few of them were sites but I do not have a backup.

      When I checked today I saw that most of my domains are getting forwarded to searchdiscover.com and showing some kind of parked site. I did read through this thread but I will be grateful if someone could tell me what I exactly should do next. Most of them were just domains. All are registered in my name so have I lost the domains or just the sites for the few that were built.
  • Contact your hosting providers, they will be able to help you.
  • [DELETED]
  • Has anyone ever heard of, or used, sitelock? I have the option of getting it on my account at hostgator, but I am unsure if I even need it.
  • I did contact Hostgator and they said that Namecheap and GoDaddy are using my domains as ad space. Seems it's all ok, nothing wrong there.
  • Thanks for the reminder guys - making a complete backup NOW!
  • Backup everything and anything. If its wordpress sites, its very easy.
  • What did your web hosting provider have to say about it? Did you contact them for support?
  • Contact your host.. or is it to late?
  • Banned
    [DELETED]
Join the discussion

Next Topics on Trending Feed

  • 93

    All my sites have been HIJACKED

    Hi All I would appreciate any help, I have had everyone of my websites hacked, 18 months of toil and around 100 websites all gone, and from what Ive been reading on yahoo answers etc, there is not a darn thing I can do about it.