site hacked... What to do?

15 replies
I just discovered my website at newjvgiveaways.com was hacked...

I don't have any experience with this kind of stuff. What do I do?
#hacked #site
  • Profile picture of the author lookielookies
    As far as I can see, the hacker only uploaded an index.htm-file. I deleted it and everything seems to be back to normal.

    How do I prevent this in the future?
  • The first step I would take is figuring out how they got access in the first place. Are you running any open-source web apps (ie: Wordpress)? If so, make sure you have the latest versions/builds installed as there may be an exploit that allows such uploading.

    I'd also change the password to my hosting account/FTP server login/password. I always recommend generating long, random passwords and usernames - something like 776C9E6362DC2E6 and 64A33620AF4AF03. If you're using Roboform there's actually a "Generate" button on the toolbar that'll allow you to do this.

    Hope that helped!
  • Profile picture of the author globalpro
    You should also contact your hosting support. They should be able to pull up the logs for your account to help see what the problem is.

    Thanks,

    John
  • Profile picture of the author TheRichJerksNet
    If interested send me a PM with specific details of what happened and I can look into some things for you ... Have done several security consults on here and some security jobs... I have also written the very popular WordPress Secured ebook..

    James
  • Profile picture of the author TheRichJerksNet
    As explained in PM they uploaded the index file just to see if your WP was secured or not.. Now they know it is not.. In other words they were testing.

    I have explained many times over no matter what version of WP you are running your WP is NOT secure.. There is nothing wordpress.org can do to stop the hacks. They can update until the cows come home and it will not do any good as the hackers get these updates also..

    Only way to secure your WordPress is to do it yourself or hire a proper WordPress Security Dude..

    Many people say "update" and "backup" that's the best you can do .. Well they are wrong, dead wrong...

    The past five years have seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

    Anyone that runs a wordpress site and does not get secured will eventually be hacked...

    James
  • Profile picture of the author hiphil
    Have you examined the content of the index file they uploaded?

    It might be a Trojan horse. Then the hacker can use the file as a back door to plant other files on your site. For example fake banking site or other phishing site. Or they might set up a spam relay on your site.

    I have created some scripts to disable files that are added to my site by hackers. Just 2 days ago this foiled a hacking attempt on my site.

    PM me if you would like more details.
    • Profile picture of the author TheRichJerksNet
      Originally Posted by hiphil View Post

      Have you examined the content of the index file they uploaded?

      It might be a Trojan horse. Then the hacker can use the file as a back door to plant other files on your site. For example fake banking site or other phishing site. Or they might set up a spam relay on your site.

      I have created some scripts to disable files that are added to my site by hackers. Just 2 days ago this foiled a hacking attempt on my site.

      PM me if you would like more details.
      They do not need to add any code to an index file.. They added the index file which means they already have access (backdoor access)..

      Which also means the db itself could have already been compromised as well by the same hacker..

      James
      • Profile picture of the author lookielookies
        Just found out the same file had been uploaded to another folder on the same server.

        Both are folders that serve as addon domains. One has a WP install, so I have been reading quite a bit about securing WP.

        But the second file was uploaded to a folder that only has an index.html file and an empty cgi-bin folder... So I take it protecting my WP installation won't solve the problem...

        Have you examined the content of the index file they uploaded?
        Forgive me for not knowing, but why does the 'This site has been hacked' index-file have a Hotmail address and full image links on it?


        hiphil, I'm setting up your EasySweepSystem - have sent you a PM about it.
  • Profile picture of the author tommygadget
    Can you simply rename the admin login page to something like seoni23iubfgws.html and then keep that filename somewhere safe? Also, with message moderation on, are you safe (at least more so?).

    TomG.
    • Profile picture of the author TheRichJerksNet
      Originally Posted by tommygadget View Post

      Can you simply rename the admin login page to something like seoni23iubfgws.html and then keep that filename somewhere safe? Also, with message moderation on, are you safe (at least more so?).

      TomG.
      Tom,
      Simply renaming the admin index file will do nothing.. Hackers still know the path to your admin login and that is all they need..

      The only way to protect the site is to protect wordpress, and there is no system out there but WordPress Secured that will explain to you how to protect wordpress..

      I certainly would not install more scripts that ask for private information such as logins to try and protect something that was already hacked to begin with .. But that's me I guess, I have been building websites for over 15 years...

      James
  • Profile picture of the author Louis Raven
    Happened to me a while back.

    Check all your root folder contents for unusual files and DON'T upload a backup of your site unless 100% sure he wasn't in there when you backed up.

    Anyhoo, don't take my or anyone else's advice before contacting your host who is trained to get rid of these problems fast!

    Louis....
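
One way to carry out the "check for unusual files" advice across every addon-domain folder, as an added example that is not from any poster in this thread: it records a SHA-256 baseline of each docroot and later reports files added, changed or removed. The folder names (`wp-site`, `static-site`) and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(docroot):
    """Map each file's path (relative to docroot) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(folder, name)
            if os.path.islink(full):
                continue  # do not follow symlinks out of the docroot
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, docroot)] = digest.hexdigest()
    return manifest

def compare(baseline, current):
    """Return the files added, changed and removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed sample: two addon-domain folders that each get a stray index.htm."""
    sites = ("wp-site", "static-site")  # hypothetical folder names
    with tempfile.TemporaryDirectory() as server:
        for site in sites:
            os.makedirs(os.path.join(server, site, "cgi-bin"))
            with open(os.path.join(server, site, "index.html"), "w") as fh:
                fh.write("<h1>home</h1>")
        # Baseline taken while the folders are in a known-clean state.
        baselines = {s: snapshot(os.path.join(server, s)) for s in sites}
        # Stand-in for the unexpected upload described in the thread.
        for site in sites:
            with open(os.path.join(server, site, "index.htm"), "w") as fh:
                fh.write("constructed placeholder page")
        return {s: compare(baselines[s], snapshot(os.path.join(server, s)))
                for s in sites}

if __name__ == "__main__":
    for site, report in demo().items():
        print(site, report)
```

Keep the saved baseline outside the web root and take it only from a state you trust, for the same reason given above about not restoring a backup made after the intrusion.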
  • Profile picture of the author tommygadget
    Just be careful about your host's tech support. Some of these guys really have no clue what they are doing. Once you find a good one, try to ask for the same person.

    TomG.