All My Sites Are Being Hacked ...

Hi ...

My sites are all being hacked and I just found out today ...
what should I do ???

I am so devastated and depressed about it ...

Can someone advise me??

Regards
  • Contact your host and ask them to restore a back up (if they have one)

    Scan your computer for malware / keyloggers just to be sure they aren't getting your passwords that way.

    If all else fails and it's your web host being tampered with - might be worth switching to a new host.
    • [ 1 ] Thanks
    • [2] replies
    • This.

      Maybe see if your host's technical support can identify the problem.

      If your blogs were WordPress based, if you can get a solid backup from your host, it might be a good idea to find a good WordPress security plugin that can identify some of your vulnerabilities going forward.
      • [1] reply
    • Thanks Solado, even though I have used Comodo Internet Security Premium and Lavasoft Ad-Aware. Is there any recommended or better malware & keyloggers clearance software that you know of?
  • Also check your plugins.

    Most of the time when people get hacked, they trace it back to a plugin they installed on their site.
    • [ 1 ] Thanks
    • [1] reply
    • First off - in what way are they being hacked?
      • [ 1 ] Thanks
  • Thanks everyone for your kind advice.

    Right now I am in conversation with Justhost support. Cause all the sites that are being hacked happened to be webhosted by Justhost.

    A few sites I have webhosted by Hostgator are fine.

    I am asking them how I can move on from here ...
  • Justhost asked me to send a ticket for support for restoration ... seriously I do not know where and how my entire sites are being hacked ... they left behind some message and video ... Free Kashmir .. Freedom is our goal..// End the Occupation.
  • I suggest getting a better host - see
    • [ 1 ] Thanks
    • [1] reply
    • I'm not usually one to defend another hosting company since we're in competition with them, but I do feel the need to point out that being hacked isn't necessarily tied to your host. You can have a ton of security and still get hacked.

      WordPress specifically has a lot of vulnerabilities, and because it's one of the most popular website platforms hackers devote a lot of time trying to break it, and they do succeed sometimes.
      • [1] reply
  • If all they did is leave some vids that's not so bad. You'd be worse if they changed your login details and/or managed to get your billing information.

    Change your host and your passes.
    • [ 2 ] Thanks
    • [2] replies
    • This is also a reminder that, in the future, you should always have a fresh backup of your sites stored on your own local drives.
      • [ 1 ] Thanks
      • [1] reply
    • Yes thanks for your advice. I am planning to webhost my 10 sites to Hostgator (cause I currently have both Justhost and Hostgator). I regretted renewing Justhost just a few weeks ago.

      Unfortunately I had more sites with Justhost as compared to Hostgator cause I started out with Justhost as a newbie and I didn't know about Hostgator back then.
  • Oh my ... oh my ... I just noticed another guy in this forum who had his sites (from Justhost) hacked ... Kokopelli, thanks for the link ... and now it is actually more than just 2 of us having this problem.

    Looks like I have to rethink about resuming Justhost service (in fact I have just renewed with them) ... However I am clueless about how to transfer data from Justhost to Hostgator.

    I hope I have backed up the right data from my 10 sites webhosted in Justhost.
    At the end of December 2011, I had a backup of the data of my 10 sites. And this is the most recent backup I had.

    The data I had backed up are the entire data inside the "public_html/<domain>" folder and also its respective wrdp1.sql.gz

    It was my first time being hacked and it was also my first time that I need to change webhosting ... does anyone have a good step-by-step so that I can upload my December backup data to Hostgator?

    Once again, I thank everyone for being kind to offer me advice ... it is so sudden and my sites are suddenly down and I am devastated and emotional about it ...
  • I had a site (which I had hosted with worthless Chicagowebs - never use them) hacked and taken over by some islamo/terrorist types. I got it fixed pretty quickly, but after switching everything to Hostgator, I've never had a problem. Never did figure out how it happened, but a lot of it has to do with your host.
    • [2] replies

    • Thanks Biffula, all the more I really need to stop using Justhost ... and put my backup data to my current Hostgator.

      I did talk to Justhost just now but they didn't feel that it is their problems. Anyway I guess I should move on to a more stable Hostgator.
    • I've only been hacked once in 3 years with HostGator. The only thing with them is that they will only back you up to 10,000 MB. After that they will not back you up at all, and if you get hacked they will have nothing for you to restore.

      So, you need to make your own backups.

      I recommend buying a portable hard drive at Best Buy or something. The smallest one will hold 40 Gigs I believe all the way up to 500 Gigs.
      • [2] replies
  • Stop panicking. If they are WordPress sites, the hacker has probably just replaced the index.php file(s).

    Do a fresh install of WordPress on a subdomain, or download WordPress from wordpress.org.

    Then use filemanager or ftp software to connect to your sites. Simply replace the index.php file(s) with the new ones you have just downloaded. That should solve the problem.
    • [ 1 ] Thanks
    • [1] reply
    • Thanks rosetrees for the tips to restore the Wordpress sites from Justhost (yes they are all wordpress sites), I am thinking of uploading the most recent data (ie. Dec 2011) to Hostgator and stop using Justhost ... I think I have no confidence now using Justhost because comparatively my 2 sites webhosted by Hostgator are fine and all 10 sites webhosted by Justhost are all hacked .. not a single one from Justhost being spared.
  • I assume you have cPanel access - once your sites have been restored, just make backups of both the files and database via cPanel (or use your old cPanel backup dumps) - look under Backup. Then you can use the cPanel Restore function with your new host to restore them fast.

    One caveat - the above backup/restore only works if you have a reseller account, where each website has its own cPanel account - Do NOT use it if your sites are on a shared host, as the restore will overwrite your root files!
  • Eltara, I had the same experience about 2 months ago. All my sites got hacked and I was pretty hopeless. I spent 3 days just figuring out how to solve it. Here is what I did.

    1. I submitted one website to Ensure your website security online with WebsiteDefender
    2. Found where the code causing this problem is.
    3. Found out what the code was saying
    4. Deleted the code and reinstalled WordPress website
    5. Waited for some changes
    6. Then I discovered through access logs that someone set up a cron job, because the code was there again
    7. I couldn't find where the trojan was, so I contacted Hostgator and they scanned the server and deleted the virus.

    Hope it helps in some way. After that I changed all the passwords to 16 character ones and did all the security steps I could find online. Since then, no problem.
    • [ 2 ] Thanks
    • [2] replies
    • Sorry to hear about that. We as Internet Marketers spend hours and hours keeping the business going, and on top of that, we have to always be on the look out for these slimy little pests trying to hack our sites.
      • [1] reply
    • Thanks Samuel, I can totally empathize with how you felt 2 months ago. I will check it out and see how it can help even though right now my sites seem to be functioning like normal (after replacing of index.php) and I have changed the WP password except for 1 site (that I couldn't change at all).
  • Samuel's got some really good advice!
  • Thanks Samuel, BT and Gengis ...

    I received email from Justhost and they told me they can't do anything about it. I was thinking I can't leave my sites looking like this ... even though I will be uploading my recent backup files to Hostgator (I am still checking with Hostgator how).

    I have implemented Rosetrees' suggestion and I copied my respective index.php from my Dec 2011 backup and replaced it using FTP.

    And my 10 sites are restored back to normal now.

    I managed to change the password of my Wp-admin for all sites except for 1 single site where the password seems to have changed ... and it was my best performing site (even though this site doesn't earn me a lot, it was my best) ... I guess they probably had changed my wp password. I tried to submit my email address to "retrieve" the password but it doesn't recognize my email address to allow me to reset the Wp password. I really do not know how I can retrieve my wp password. My next instinct is to check my domain registrar.

    I have checked my domain registrar to see if I can log on and thank goodness I can log on and see the various domains I have.

    So right now I have this domain but I can't access my Wordpress site via wp password webhosted by Justhost ... by the way, since I have the recent backup (dec 2011) for this site, will I be able to reinstall Wordpress and copy Dec2011 data into it and then reset the wp-password in hostgator?
    • [1] reply
    • I definitely recommend Hostgator, but also for the future, look into RoboForm to store your passwords. I love that program, it only costs like $20 a year for their best feature rich platform and you can store incredibly long secure passwords that it will generate for you and all you need to remember is one master password.

      Not shilling, no affiliate links from me, just can't live without it.
      • [ 1 ] Thanks
  • Shared hosting at its finest!
    • [ 1 ] Thanks
  • Banned
    I don't know whether or not you can just move sites to Hostgator from a JustHost backup. If not, here are instructions on how to move WordPress sites

    http://domainingdiva.com/transfer.pdf
    • [ 1 ] Thanks
    • [1] reply
    • Should be simple, just ftp the files into the root you want the files to be in, update the wp-config.php file if it requires different database login. Then log into phpmyadmin and import the sql db. Done and done! 10 minute job at most.
      • [ 1 ] Thanks
      • [1] reply
  • Good advice from Salado. Sure is a jungle out there.
  • My first 2 sites got hacked a few years back - I was devastated (like you) don't worry you will bounce back from this

    Look at it as almost a rite of passage - "you're not officially an Internet marketer until you have had your sites hacked"

    Best of luck and you will bounce back from this stronger and more determined
    • [1] reply
    • Thanks Aussie_Al for your encouragement ... yeah I guess it is part and parcel of the IM journey ... from here I will be stronger and extra vigilant.
  • I had the same problem. And like rosetrees said the problem is with the index.php.

    Anyways, if you haven't done so already, you should change your secret key, because even if you were to change your password, the hackers might still have the cookie for your log-in and can still do some real damage.
    • [1] reply
    • Thanks Coralbue, after I have replaced the backup's index.php, I have changed my 9 sites of my WP-admin's passwords ... but where can I change my secret key (pardon me for my ignorance)?
  • Hostgator will move them and clean them for free if it's a shared account; if it's a reseller they will move 30 of them. If you need a coupon code PM me. I will get it to you for .01.
  • Banned
    I would contact Hostgator if you have a new account with them. They will most likely move them for you.
    • [1] reply
    • Oh thanks sbucciarel, I am now being reminded I have signed up with Hostgator early this month. I will check with them how they can help to move sites (using my backup data) to Hostgator.
      • [1] reply
  • I feel your pain...

    I made the mistake of taking action too fast and had already started rebuilding by the time my host came back and said they'd clean them up for me.

    Hassle them and if they can't do anything, hassle them some more. Then do it yourself.
    • [1] reply
    • Thanks Big Al ... I did ask Justhost a few times actually and they tell me they can't do anything about it and they said it could be my fault for not keeping good site security or whatever ... but well I did use pretty strong password (alpha and numeric and symbols) and also I do daily spyware checking and also antivirus check but I guess they didn't want to look further into my situation ...
  • I had this happen once. Received a letter from an attorney representing a bank in London telling me to stop attacking their bank's site online. Turned out, it was a hacker on my site. Just talk with your hosting company. If they won't resolve the issue, change companies. Also, keep everything up to date.
    • [1] reply
    • Oh my, absolutelee, it must have been a bad experience back then, especially as you are innocent. Well actually, I did think of changing host (due to other issues) but have been delaying because I have no prior experience moving sites to another host. I will take this as a lesson for me as a learning ground in terms of moving sites too.
  • This might be helpful if you are not sure how to move a site:

    I am sure things will get better for you, mate. Hang in there. Trust me. You are not alone, for almost everyone has a first with these kind of hacking things. Better days are awaiting you.
    • [1] reply
    • Thanks Stelweb for the helpful article and thanks for the encouragement and I will hang on and move on positively.
  • Can anyone recommend a way to prevent this from happening? It seems I have been hit twice this year as well. It's a good thing they were simply arbitrage sites.
  • I use a few plugins for security: Limit Login Attempts, WordPress Firewall 2 and Secure Press, which are all free. Limit Login Attempts locks out multiple attempts at hacking your login details and has the option to email you. Don't use admin as your login either, as you are giving the hackers half your details.
    • [ 1 ] Thanks
    • [2] replies
    • Thanks seemar49, that is a great list of security plugins : Limit Login Attempts, Wordpress Fire Wall 2, Secure Press. Someone told me BulletProof Security is great too and if I am not wrong it is free.

      By the way, I have made bad mistakes using "admin" in my login for most of my earlier sites creation cause I was a newbie back then and I followed what the guru taught, to leave them as "admin", is there a way to change username from "admin" to something else?
    • These security plugins are great and I recommend them, but I also recommend that you always update your WordPress core files. Often times the WordPress sites that get hacked are the ones that have not been upgraded for some time.

      Get yourself in the habit of backing up your WordPress database on a weekly basis. You can use the plugin WP-DB-Backup or another back-up plugin for this and use the schedule backup option.

      Also back up the wp-content directory via your cPanel's file manager to an external hard-drive, or somewhere else safe. Keep a copy of your wp-config.php file as well.

      To generate new security keys for your WordPress config file go to:
      https://api.wordpress.org/secret-key/1.1/salt/

      good luck with restoring your sites!
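
The "secret key" asked about earlier in the thread and the keys served by the URL above are the eight key and salt `define()` lines in wp-config.php; replacing them invalidates every login cookie issued before the change. The script below is an added example, not something posted in the thread: it generates the values locally instead of fetching them from that URL, and `new_secret`, `rotate_wp_keys`, `make_sample_config` and the sample file contents are made-up names and constructed data.

```shell
#!/bin/sh
# new_secret: 64 alphanumeric characters taken from the kernel CSPRNG.
new_secret() {
    head -c 96 /dev/urandom | base64 | tr -d '\n+/=' | cut -c1-64
}

# rotate_wp_keys WP_CONFIG
# Rewrites the eight key/salt define() lines with fresh values, keeps the old
# file as WP_CONFIG.bak and prints how many definitions were replaced.
rotate_wp_keys() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    cp -p "$cfg" "$cfg.bak"
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Pull NAME out of a line shaped like: define('NAME', '...');
        name=$(printf '%s\n' "$line" |
            sed -n "s/^[[:space:]]*define([[:space:]]*['\"]\([A-Z_]*\)['\"].*/\1/p")
        case $name in
            AUTH_KEY | SECURE_AUTH_KEY | LOGGED_IN_KEY | NONCE_KEY | \
            AUTH_SALT | SECURE_AUTH_SALT | LOGGED_IN_SALT | NONCE_SALT)
                printf "define('%s', '%s');\n" "$name" "$(new_secret)"
                count=$((count + 1)) ;;
            *)
                # Every other line is copied through unchanged.
                printf '%s\n' "$line" ;;
        esac
    done < "$cfg" > "$tmp"
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
    echo "$count"
}

# Constructed sample config (not taken from any real site).
make_sample_config() {
    cat > "$1" <<'EOF'
<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',         'old-value-1');
define('SECURE_AUTH_KEY',  'old-value-2');
define('LOGGED_IN_KEY',    'old-value-3');
define('NONCE_KEY',        'old-value-4');
define( 'AUTH_SALT',        'old-value-5' );
define('SECURE_AUTH_SALT', 'old-value-6');
define('LOGGED_IN_SALT',   'old-value-7');
define('NONCE_SALT',       'old-value-8');
$table_prefix = 'wp_';
EOF
}

# Demo on the constructed file.
demo=$(mktemp -d)
make_sample_config "$demo/wp-config.php"
echo "replaced $(rotate_wp_keys "$demo/wp-config.php") definitions"
rm -rf "$demo"
```

Run it after the password change, since the old cookies stay valid until the keys are replaced.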
  • Your website being hacked is probably not because your password is easy to guess; it's probably a security problem of your hosting server. When hackers know the IP of a targeted website, they'll try to enter via a backdoor. Even the FBI website can be hacked.

    My recommendation is the same as the others: move to Hostgator. I've been using it, I'm satisfied, and so far I haven't had a bad problem with them.
  • HostGator allows you to use SiteLock protection system with great prices starting from $1.25/month. I suggest you take advantage of it right after you create a new site.
    • [1] reply
    • Tiiberiuss, thanks for the information. Will check it out and see how it may help for current or future sites' creation. By the way, does it protect site or sites for the pricing it states per month?
  • Change pass in WordPress: "User", "Profile", "change pass", "Save". Also make sure the host you're using has security features in place. We had a guy lose 800 sites to a hacker last year because the hosting co. he was using didn't have proper security features in place. If you're on dedicated servers, set up your firewall, set up brute force protection and shell fork bomb protection. The brute force protection will block anybody trying to hack or enter into your site. You can set the amount of tries, i.e. 3-5-10, then it will block them out and send you an email with 3 links; click one of them to blacklist the IP of the potential hacker. The link will also have their country and IP. Whitelist your own IP so you don't lock yourself out. If you don't know your IP you can go to whatismyip.com or just go to Google and type "whats my ip" in the search and it will show automatically in the first of the search.
    If you're using VPS or shared, make sure to ask the hosting co. what type of security they have in place and ask them to make sure to set it up for you and your site because you want it. Just like the guy said above, $1.25 at Hostgator is worth it. Make regular backups of your sites and save them on your computer, an external drive, or somewhere else other than your server. On dedicated servers have them back up weekly onto a secondary drive. Use the security plugins mentioned above in the other posts for WordPress.
    Make your usernames and passwords something you can remember, but not too easy. Maybe your favorite fruit or hobby and your birth date or some other numerical figure that is easy for you to remember, but not others, i.e. Fishing042077 (fishing and maybe your kid's birthday) for example. Hopefully this helps a little and sorry to hear your sites got hacked. In a nutshell, that sucks.
    You can check your index files or your files in general and see if they just replaced your index file; if so, make sure you chmod your index properly and make sure other file permissions are not set to 777 except for the ones that have to be. Just a suggestion. If it's just the index file, i.e. you have the main one .php and the new one you're seeing is .html, delete the html index as it has precedence over the .php file, but check the code to make sure that it's the hacker's index file and not your own. You can simply type in your URL and watch your browser to see what the URL reads. I.e. if your site is mysite.com and it now points to mysite.com/hack.php there is a redirect to the hack.php file.
    The best thing is to check your index file and see if there are 2 now, 1 .html and 1 .php, and check the code. For instance you said there are videos there now. Check the index file and see if the codes are there for embedded video. Your servers will have a protocol to where it will pull up the .html extension first, then the other extensions secondly, i.e. php, aspx, etc., depending on your servers being Linux or Windows.

    For more advanced users, you can also block IPs of known hackers or countries via the .htaccess files. (google it)

    Anyway, if you find out the code is just in the index file and you have an original index file or a recent backed up one, delete the hacker's index file and upload your backup copy index and check to see if the site is working properly. If so... back up your site and get the heck off the servers that just got hacked.

    Just a couple suggestions. Hopefully this helps a little.
    One more suggestion...
    Check the hosting company's support fees; some will charge nothing for updates and help while others charge upward of $75 an hour.
    Make sure there is live chat support and not just ticket support.
    Make sure that when you do click on live support you get a live support operator and not just an email contact that looks like live support.

    One company that not too many people know about that has gotten extremely good is a company called Apthost.com - I was with them for 3 years with my dedicated servers and their help is second to none. Absolutely amazing support and they are very tech savvy. If it needs to be escalated their level 2 and level 3 support is also amazing and they never charged me a penny more and the problems were fixed very quickly. Sometimes within less than 30 minutes.
    • [ 1 ] Thanks
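
The file checks from this post and from the earlier "replace index.php with a fresh copy" advice can be run in one pass over a docroot: compare every index.php with a clean WordPress copy, look for an index.html sitting beside an index.php, and list world-writable entries. This script is an added example, not part of any post in the thread; `wp_triage`, `make_sample_site`, the output labels and the sample tree are made up for illustration.

```shell
#!/bin/sh
# wp_triage SITE_DIR CLEAN_DIR
#   SITE_DIR  - live document root, e.g. public_html/<domain>
#   CLEAN_DIR - unpacked, untouched WordPress of the same version
# Prints one finding per line; no output means all three checks passed.
wp_triage() {
    site=$1
    clean=$2

    # 1. index.php files that differ from, or do not exist in, the clean copy.
    #    (Theme and plugin index.php files show up as UNKNOWN unless the
    #    clean tree also contains that theme or plugin.)
    find "$site" -type f -name index.php | sort | while IFS= read -r f; do
        rel=${f#"$site"/}
        if [ ! -f "$clean/$rel" ]; then
            echo "UNKNOWN $rel"
        elif ! cmp -s "$f" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done

    # 2. An index.html or index.htm beside an index.php: depending on the
    #    server's index order, the HTML file is what visitors are served.
    find "$site" -type f \( -name index.html -o -name index.htm \) | sort |
    while IFS= read -r f; do
        rel=${f#"$site"/}
        if [ -f "$(dirname "$f")/index.php" ]; then
            echo "SHADOW $rel"
        fi
    done

    # 3. World-writable files and directories (mode 777 is one such mode).
    find "$site" \( -type f -o -type d \) -perm -0002 | sort |
    while IFS= read -r f; do
        rel=${f#"$site"/}
        echo "WRITABLE $rel"
    done
}

# Constructed sample: a clean tree and a "defaced" copy of it.
make_sample_site() (
    umask 022
    root=$1
    mkdir -p "$root/clean/wp-admin" "$root/site/wp-admin" \
             "$root/site/wp-content/uploads"
    printf '<?php\n// clean front controller\n' > "$root/clean/index.php"
    printf '<?php\n// clean admin index\n' > "$root/clean/wp-admin/index.php"
    cp "$root/clean/wp-admin/index.php" "$root/site/wp-admin/index.php"
    printf '<?php\n// replaced by the intruder\n' > "$root/site/index.php"
    printf '<html>defacement page</html>\n' > "$root/site/index.html"
    chmod 777 "$root/site/wp-content/uploads"
)

# Demo on the constructed tree.
demo=$(mktemp -d)
make_sample_site "$demo"
wp_triage "$demo/site" "$demo/clean"
rm -rf "$demo"
```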
  • Great advice from all!

    I've wanted to secure my site before I experience this type of trouble - now I have more of an idea how to do this.

    <I found more good info in another thread when I searched for securing wordpress>

    After your blogs are fixed, a good cloning/ back up plugin to use is either
    WP Twin or Backup Creator.

    WP twin has an additional plugin where it automatically makes a clone however frequently you want it. You just have to ftp it from your host to your pc.

    I have made a 'Master Blog' clone with WP Twin. It has the blog set up with all the changes and plugins in place so I just upload it to a new WP install and bam! I have my site almost done.

    I just have to add a new admin / password, change the theme and add info specific to that site.

    It saves me lots of time!

    HTH

    Karen
  • If you have problems with your website, I suggest you contact your domain company.

    taleamsystems.com
  • In addition to all the above suggestions, you can also add rules to disallow all the hacking bots in robots.txt so as to avoid attacks in future from those idiot hackers.
  • It happened to me a couple of weeks ago, I panicked too, lol. Just contact your hosting company, mine was Hostgator, and within a couple of hours it was back to normal. One of the Warriors informed me about it too, I had no idea.
    It was recommended that I change my passwords every week.

    Hope this helps


    Kevin
  • Hi to each and everyone in this thread before my post here,

    ((( Thanks for all the advice from you guys and gals!!! )))
    Due to the advice, recommendations and emotional support I have received over the past several days, I have managed to rebuild my sites successfully.

    Once again, thank you so much!!!

    *A bow of thanks & gratitude to everyone*

    With Regards & Sincerity
    Eltara
  • I also recommend moving over to Hostgator
  • If you are using a CMS like Joomla or WordPress then make sure that you update to the newer versions as soon as they are released.
  • There are some basic rules to secure your website, which include but are not limited to
    -Not using 'admin' as the username
    -Securing core files
    -Installing a few security plugins that protect your website from injections and hacking attempts

    I'm not sure if you used fantastico to install the wordpress, if you did, it might be risky. Also not sure if you are using a free theme, if you are, remove it from the server immediately, it has hidden links which naked eyes cannot see!

    Check if your computer has a virus or malware.

    Lastly, check if other sites on the server are affected; if they are, time to switch hosts!

    If you need assistance in fixing the security holes, feel free to drop me a PM.
  • Host them some where secure.
    Change your password & ask your host master to run a php shell script finder.

    Normally people that hack into your website will leave some script called php shell in order to own your box again & again...

    if you need help let me know.
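
A "php shell script finder" of the kind mentioned in this post is a heuristic scan over the docroot. The script below is an added example, not a tool named in the thread: it flags PHP files that evaluate a decoded or decompressed string and PHP files changed after a known-good backup was taken. `find_php_backdoors`, `make_sample_tree`, the pattern and the sample tree are assumptions made for illustration, and a scan like this produces both false positives and misses.

```shell
#!/bin/sh
# find_php_backdoors SITE_DIR BACKUP_REF
#   SITE_DIR   - document root to scan
#   BACKUP_REF - any file whose timestamp marks when the last good backup
#                was taken (the backup archive itself works)
# Prints one finding per line; no output means neither check fired.
find_php_backdoors() {
    site=$1
    ref=$2

    # Code that evaluates a decoded or decompressed string. Ordinary plugin
    # and theme code rarely does this; planted loaders very often do.
    pat='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('
    find "$site" -type f -name '*.php' -exec grep -liE "$pat" {} + | sort |
    while IFS= read -r f; do
        rel=${f#"$site"/}
        echo "OBFUSCATED $rel"
    done

    # PHP files modified after the backup reference: anything you did not
    # change yourself since then deserves a look.
    find "$site" -type f -name '*.php' -newer "$ref" | sort |
    while IFS= read -r f; do
        rel=${f#"$site"/}
        echo "NEWER $rel"
    done
}

# Constructed sample tree. The flagged file is inert: it only decodes the
# fixed string 'echo 1;', but it has the shape the pattern looks for.
make_sample_tree() (
    umask 022
    root=$1
    mkdir -p "$root/site/wp-includes" "$root/site/wp-content/themes/example-theme"
    printf '%s\n' '<?php' 'echo "ordinary file";' \
        > "$root/site/wp-includes/ok.php"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw=="));' \
        > "$root/site/wp-content/themes/example-theme/footer.php"
    # ok.php predates the backup; footer.php keeps its current timestamp.
    touch -t 201112010000 "$root/site/wp-includes/ok.php"
    : > "$root/backup-marker"
    touch -t 201112310000 "$root/backup-marker"
)

# Demo on the constructed tree.
demo=$(mktemp -d)
make_sample_tree "$demo"
find_php_backdoors "$demo/site" "$demo/backup-marker"
rm -rf "$demo"
```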
  • Report them to Norton Security and cancel your cards ASAP!
  • If it still helps, I also got my websites hacked and upon contacting and threatening Justhost support, I got someone to un-hack them for me
    • [1] reply
    • LOL, that's the most crazy thing I've ever heard.
      From my personal experience, Hostgator is pretty much secure
  • I had my sites hacked just over a week ago, I am with Hostgator and they were great had my sites up and running again within a couple of hours. I would recommend moving all your sites to them as they have great service!
  • What would happen if you run ad aware on your computer??
    • [1] reply
    • I've been with Hostgator for years. Love them and they will stay on top of your sites. However- they are not "Hack Proof". I've had almost all of my sites on 3 Reseller Accounts hacked into and the email accounts used for sending thousands of spam emails. Hostgator immediately cleaned up the scripts and changed the cpanel log-ins- before I even knew about it. But I had to remove all of the "failed emails." I hate it too. I am always amazed at how utterly vile some people can be. I guess it just comes with the territory of working on-line.
