Hacked

[JayA]

Well it looks like my website was hacked; my main page is completely changed now, stating that it has been hacked by Turkish hackers.

So, my question is how do I get everything back to normal and ensure that this doesn't happen again?

 

[Mark]

Hopefully you have backups of everything. But first you need to shut the Hole they found.

Was it on a Private server or on a regular Hosting account ?

 

[5wayshosting]

Always backup and have a good hoster.

 

[tmax]

I would really like to know who your hosting company is...

 

[CrazyTech]

It's not always the fault of the host when something is hacked. In fact, I'd say in most cases it's not the host's fault. You need to talk with your host or other service provider to determine how the hackers got in. The hole needs to be patched before you upload everything from the backup that you hopefully had.

 

[BeZazz]

Well it looks like my website was hacked; my main page is completely changed now, stating that it has been hacked by Turkish hackers.

So, my question is how do I get everything back to normal and ensure that this doesn't happen again?

if im not mistaken these guy/s norm get in due to old insecure phpbb forum installs

EDIT: i added a "b" lol

 

[JayA]

I would really like to know who your hosting company is...

hostrocket.com

My concern is if it might have been possible for them to get into my CP and somehow grab the CC# that I pay for the hosting with? I have no idea how hacking works or whatever so pardon me if that sounds silly.

I believe I have a backing though, the website is new so I really didn't have a whole lot of content added in yet so that's a relief.

Once I do go live I'd really hate for viewers to ever see "hacked by so & so"

Should I switch hosts?

 

[Mark]

As Denver said above - there's a good chance it wasn't the Hosts fault. Outside "Scripts" and permissions are how many of them get in .... which falls back on the person using the hosting account.

I'd try to work with the existing hosting company to find the hole.

 

[casperl]

My concern is if it might have been possible for them to get into my CP and somehow grab the CC# that I pay for the hosting with? I have no idea how hacking works or whatever so pardon me if that sounds silly.

They generally use a bug in older versions of known softwares (joomla extensopns, phpbb) and just be able to overwrite on some files. In my opinion at the worst case, they obtain root access on your server and if you dont not put your CC info on your server as a plain file, then they can not reach that info.

 

[Mark]

Well ..... guess What ? I got hacked as well

No big deal - I just had a "test" forum set up playing with news bots etc ...

Sure enough - "Game Over"

proxmitron.by.ru << My forum redirects to here now (Enter at own risk - But I don't see anything harmful)

phpbb Strikes again -

This Page Hacked By

Proxmitron

I love my love Despite everything......!!!

SecUrity is not a Game........!!!

l Spygrup.org l

!

Proxmitron<at>Gmail.com

No big loss - it was a hidden forum though .... the site is just something I test scripts on for the most part .... Still not a good feeling.

 

[enlytend]

New exploit or were you running an unpatched, older version? You gotta stay on top of phpbb updates - major script-kiddie target.

My concern is if it might have been possible for them to get into my CP and somehow grab the CC# that I pay for the hosting with?

Hosting companies normally store billing information on another server/network. Talk to them though - they should be able to help you get things back to normal and (most importantly) figure out how the intruder got in so it doesn't happen in the future.

Goodl luck!

 

[CrazyTech]

ExcellentHost, were you running any scripts on your website?

As said above, there's no reason that HR would store CC#'s in your control panel. I am not familiar with what control panel they use, but this wouldn't really make sense to me at all. I think you're fine there.

You need to determine what happened first before you even begin to consider moving. Moving to another host makes absolutely no difference if they got in through something you were running.

 

[JayA]

I had a lot of custom scripts, extensions off of wordpress. I'll contact them to see if that was it, thanks for the help.

 

[Napoleon]

Don't worry, the Turkish hackers mostly replace the index pages and leave evrything else untouched.

 

[Ultimatum]

Don't worry, the Turkish hackers mostly replace the index pages and leave evrything else untouched.

Why do you think so? Have you had some experience with them? And why do they do that? training?

 

[squatter]

ExellentHost, there's some stuff on hack recovery.

 

[Amnezia]

I had a lot of custom scripts, extensions off of wordpress. I'll contact them to see if that was it, thanks for the help.

it was probably wordpress that got hacked, you need to make sure you upgrade when they release new versions. They released 2.1 a few weeks ago to deal with the security issues of the older versions.

 

[Jim_]

Why do you think so? Have you had some experience with them? And why do they do that? training?

If they were after personal details (CC#, etc) they wouldn't have altered the homepage and alerted the victim of their presence. They just defaced the web page, nothing more. They do it because they can. It boosts their ego.

 

[Robert Allen]

They release 'unreleased' scripts to VIP members on h4cky0u.org. All you need to do is donate $10 and you can get access. These unreleased scripts are for latest versions normally.

And last time i checked, turkish hackers use a SQL injection, or if they are lazy, will attempt to login to your cPanel using DoS methods. If they do that, they just DELETE the contents of the config files for everything, and ust replace it with a redirect to their haxor site.

Rob

 

[slaughterbeck]

I had a 4images gallery site hacked and down for two days before my host and I found the code in the header. Oddly enough I had uploaded the hack from my own infected PC.


Hope eveything works out.



Best wishes,
Kimmy