Announcement

Collapse
No announcement yet.

ive been hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    ive been hacked

    since talking on this forum I have been hacked
    go to my site ukfloorings.com and press on products
    and if you go into vinyl- slip resistant there is an S on my top navigation bar
    it did have "store top" button and " next level" button Hacked
    has anyone else been hacked like this.
    how did they do it, they have hacked my actinic site on my computer too
    and I have a firewall too

    #2
    If the changes are also showing on your local copy of Actinic it is most likely:

    1. someone internal has done this
    2. they are unreleated

    The internal hacking is so very low key it is pointless ... hackers are either invisible (to steal your bank details) or in your face (for maximum exposure like your acatalog/index.html page).

    Reset the navigation bar text and purge / upload your site again. I would FTP to the site to remove acatalog/index.html just prior to the upload.

    Check with your hosts if other sites have been hacked.


    Bikster
    SellerDeck Designs and Responsive Themes

    Comment


      #3
      is it best just wipe actinic off my computer and then reinstall it.
      i think i have a back up somewhere.
      or can i download the site back into my actinic on my computer

      regards
      Rob

      oh yes by the way
      a woman rang me to tell me about this hack, do you think it was her ??
      it was a held number

      Comment


        #4
        If you are concerned about Actinic being 'messup up' on your PC then restore your site from your last snapshot. You cannot restore from your online store.

        Your site can be interfered in only two ways, either offline on your PC and then uploaded or online. If it was offline then password protect your pc, add firewalls etc. If it was online then check your FTP logs and contact your host.

        Posting the URL on the forum here is not going to get your site hacked - it takes malicous intent.

        Comment


          #5
          i need to get the hack crap off my computer before updating my site again
          If you can see anything wrong on your PC then this is extremely unlikely to have come from the live website. Actinic only uploads your website, it doesn't download anything except encrypted orders.

          Best look closer to home for these changes.
          Norman - www.drillpine.biz
          Edinburgh, U K / Bitez, Turkey

          Comment


            #6
            As already stated if the hack is visable on your pc then it has been inserted at the of and then uploaded.

            This means one of two things either the person who hacked it had physical acess to your pc or your security software allowed a remote attack. Either way it's not an actinic or forum related problem.

            To resolve it simply restore a previous snapshot prior to the hack and upload. Then protect your pc better.

            Comment


              #7
              Originally posted by Qai View Post
              is it best just wipe actinic off my computer and then reinstall it.
              i think i have a back up somewhere.
              or can i download the site back into my actinic on my computer

              regards
              Rob

              oh yes by the way
              a woman rang me to tell me about this hack, do you think it was her ??
              it was a held number
              having read your first post, are you saying your live site was hacked or your PC. You need to determine which one before progressing

              If its only the live site then all you need to do is wipe the webspace clean and reupload - although it sounds like your host is already on to it. Ask your host if the server got hacked or if its just your site.

              Regardingthe woman who phoned - this sounds spooky - unless it was your host

              Comment


                #8
                Originally posted by Qai View Post
                if you go into vinyl- slip resistant there is an S on my top navigation bar
                it did have "store top" button and " next level" button Hacked
                If this the only change you've seen?

                Have you been making any changes to:

                Site Options | Links

                This is where the text for these links are determined. Is it possible that they've been over written by mistake?

                i think i have a back up somewhere
                Can I also suggest that you snapshot all the time. Get into good habits now, because once your site is complete and something goes wrong, you'll have to redo an awful lot...

                Take it from a man who knows...

                Army Gore-tex
                Winter Climbing Mitts
                webD's Blog: Website design, SEO and other ramblings…
                Twitter LinkedIN

                If you think a post is good, rate it!

                Find the answers in the Knowledge Base | Have you read the User Guides

                Comment


                  #9
                  I cant see them hacking my pc as I do have a norton firewall on all the time. it must have been on the server then came in that way.
                  I will wipe my site clean then upload again
                  thaks everyone for your help, but keep an eye out for this hack, they may like actinic or php scripts

                  Comment


                    #10
                    I don't think you should advertise the code that the hackers left on your site. You are just adding fuel to the fire.

                    Although the post has already been googled I think you should remove the page source code above in post 3.

                    Comment


                      #11
                      done done done

                      Comment


                        #12
                        My guess is that a bit of spyware or an infected file has maybe come in via an email or something like that. It could have been sitting on your PC for a while before doing the rewrite of your files. A firewall wouldn't protect you from that.

                        Restore a snapshot and do a good thorough spyware and virus scan and you should be back in working order.

                        Comment


                          #13
                          blimey, this feller has been busy:

                          http://www.google.co.uk/search?q=Fun...ient=firefox-a

                          There's nothing i detest more than political/religious cracking.

                          Such a waste of good skill.

                          Comment


                            #14
                            any indication of where the vulnerability was?

                            do you know of good reference site for hacks and solutions Gabe?

                            Comment


                              #15
                              Originally posted by pinbrook View Post
                              do you know of good reference site for hacks and solutions Gabe?
                              lol, none that i can post here.

                              its not something that is black and white, i'm afraid the vector of attack could have been anything, but you can be sure that its probably one of these two:

                              1) The computer was compromised
                              The system where actinic was installed could have been compromised. Virus from emails or other means makes it trivial to replace 'index.html' files on the local machine. Actinic would then upload this as normal. I'd suggest that Actinic should md5 check all files on upload as well as generation, to stop this behavior.

                              2) The server was compromised
                              This takes 2 forms, and the second is usually the vector
                              i) ftp, its very possible for the ftp to have been compromised, because of the nature of the hack in question (some similar hacks also have content in databases).
                              ii) Web server based compromise.

                              This is most likely.

                              Due to the nature of Actinic (cgi-bin perl base), there were some vulns found in some perl. I'm sure they cleared all that up.

                              This type of compromise involves using security faults in server scripts to effect files on the server. For example, a script may accept form post. If this nput is not checked for safety, then its very likely that this input will be used to write malicious data to a disk, or even to a database.

                              The latter does not affect Actinic, since there is no database.

                              I think in this case, if this is a server based hack, its most likely that unchecked perl is the culprit, and if a local compromise is this crackers bag, then I cant vouch for the validity of the computer in question.

                              Regarding how this occasionally happens to Actinic sites, It could be that the server itself is compromised, and has nothing to do with the fact that Actinic is on it. some servers are very badly configured and there are *plenty* of avenues of attack, trust me.

                              Comment

                              Working...
                              X