[HELP] All sites hacked by Kuwait hackers?

14 replies
Grrrr.. hi guys,

I'm not sure how, but all my sites (normal sites, mini sites, wordpress) have been hacked by a hacker team from Kuwait... and for fun -_-?

here's one of my site - myphotographytips.net

Not sure what they're trying to do, or how they did it...

anyone has any kind of experiences like this?
what should I do now? and how can I prevent this in the future?

ps, I have up-to-date prevx on all my computers, and they're all clean :/

need help!
#hacked #hackers #kuwait #sites
  • Profile picture of the author Samrath Gupta
    Contact your hosting provider !!

    One of my sites also got hacked by some Egyption hackerz lol but i contacted my hosting service and they RESETTTED my whole website...

    Maybe you used a very easy pass or left some loopholes like that...

    First of all dont contact them via email because doing so they will get your IP address and might be they can your computer too.....
    {{ DiscussionBoard.errors[4960074].message }}
  • Profile picture of the author Rich Struck
    There is a special place in hell for people who pull crap like this.
    Signature

    {{ DiscussionBoard.errors[4960111].message }}
  • Profile picture of the author Levi Grey
    I've contacted my hosting service provider, they asked if I want to reset my accounts, but then all my files are gone.

    If I back it up now, isn't it too late already? since there might be scripts running on my sites already? ....

    sigh, ill just change my ftp password then?
    {{ DiscussionBoard.errors[4960231].message }}
    • Profile picture of the author Richard Van
      Nice to see what god fearing religious people do for fun.

      The irony is classic, they have a copyright notice at the bottom of the page they've left!

      Levi, now would be a good time, when this is over, to back up very regularly.
      Signature

      Wibble, bark, my old man's a mushroom etc...

      {{ DiscussionBoard.errors[4960246].message }}
      • Profile picture of the author zaco
        Originally Posted by Richard Van View Post

        Nice to see what god fearing religious people do for fun.

        The irony is classic, they have a copyright notice at the bottom of the page they've left!

        Levi, now would be a good time, when this is over, to back up very regularly.

        God fearing people? your comment is so irrelevant seriously lol.. any hackers from any where do the same.. its just what they do to "prove a point" , can people come and say all Americans are murderers because the US gov keeps spiking wars? NO!
        {{ DiscussionBoard.errors[5135680].message }}
  • Profile picture of the author rosetrees
    These hackers usually just replace the index.php or index.html file.

    For your non-wordpress sites you can just reupload that page from your web design software.


    For Wordpress sites, this is what I do. Make a fresh installation of Wordpress on a new subdomain. Ftp the index.php file(s) to my computer - sometimes there are more than one in different directories on the site.


    Ftp the file(s) from my computer to the infected sites and overwrite the damaged files


    That usually fixes it.


    You did have backups, right? I know I sound like a cracked record, but you need backups of everything. Even if it's just the standard Wordpress export for pages/posts and a few screenshots.
    {{ DiscussionBoard.errors[4960261].message }}
    • Profile picture of the author Levi Grey
      Thanks guys for the helps.

      And yes I've noticed that they only replaced the index files, but sure if files other than that are infected for not?

      TBH, I only have backups with my minisites, normal sites but not with my wordpress sites....

      there I learnt a lesson today

      So will all my posts and everything be gone if I overwrite a new index file?

      thanks!

      Originally Posted by rosetrees View Post

      These hackers usually just replace the index.php or index.html file.

      For your non-wordpress sites you can just reupload that page from your web design software.

      For Wordpress sites, this is what I do. Make a fresh installation of Wordpress on a new subdomain. Ftp the index.php file(s) to my computer - sometimes there are more than one in different directories on the site.


      Ftp the file(s) from my computer to the infected sites and overwrite the damaged files


      That usually fixes it.


      You did have backups, right? I know I sound like a cracked record, but you need backups of everything. Even if it's just the standard Wordpress export for pages/posts and a few screenshots.
      {{ DiscussionBoard.errors[4960832].message }}
      • Profile picture of the author rosetrees
        Originally Posted by rosetrees View Post

        That usually fixes it.
        Originally Posted by Levi Grey View Post

        So will all my posts and everything be gone if I overwrite a new index file?
        Did you try it?

        Take a look at this http://friendlycomputertraining.com/...ckers-message/
        {{ DiscussionBoard.errors[4961074].message }}
        • Profile picture of the author Rob Harris
          I think I've just got the same thing. I tried to go to my WP back office to find that I had been "Hacked By Over-X".
          Mine has a picture of a cat in a box with "peace and harmony" below it.
          I'm off to contact my hosting provider.
          If anyone's interested to see the image that has made me now hate kittens, it's "www.yourawesomediet.com"!
          Signature
          Free Video Course
          How To Sell Affiliate Products
          Find out how you can get instant traffic to an affiliate offer and be making sales within an hour!
          http://bit.ly/howtomakesalestoday
          {{ DiscussionBoard.errors[5133205].message }}
  • Profile picture of the author rosetrees
    awwwwww - he's cute

    That's a classic hack. Just replace index.php and you'll be fine
    {{ DiscussionBoard.errors[5133232].message }}
    • Profile picture of the author Rob Harris
      Originally Posted by rosetrees View Post

      awwwwww - he's cute

      That's a classic hack. Just replace index.php and you'll be fine
      I would if they hadn't changed the cpanel username and/or password too. I'm waiting on an email from my hosting anyway.

      Thanks for the comments guys.
      Signature
      Free Video Course
      How To Sell Affiliate Products
      Find out how you can get instant traffic to an affiliate offer and be making sales within an hour!
      http://bit.ly/howtomakesalestoday
      {{ DiscussionBoard.errors[5133590].message }}
  • Profile picture of the author SimplyNDT
    Contact your hosting provider and make sure to change your passwords for all of your MySQL databases after they restore your site. After that make sure that your permissions for files are 644, 755 for folders. More than likely they were able to run a SQL injection against your database that would allow them to upload to an unsecured directory with full permissions.

    Hope that helps.
    {{ DiscussionBoard.errors[5133545].message }}
  • Profile picture of the author gamebak
    first search if for any exploits available for the web script that you were using (if any), contact provider, and make sure you change all your passwords and do a mass email telling you visitators to change their passwords(if you had a database somewhere).
    {{ DiscussionBoard.errors[5133583].message }}
  • Profile picture of the author onegoodman
    I hate these people who waste others time.

    Contact your host, they will recover your website, and change all passwords on the website (cpanel, database, and FTP accounts).

    I had the same issue few months ago when inmotion got attacked.
    {{ DiscussionBoard.errors[5133638].message }}

Trending Topics