Hackers have struck my site again


    #16
    Could you have a bug on your main computer? How good is your anti-virus, etc.?

    Might be worth checking out with another program like SPYBOT, which is free and pretty good.
    Chris Ashdown



      #17
      You haven't told us if your host has said this is a server hack or a site hack. If it's a server hack then you need to ask them what they are doing to stop it; however, if it is a site-specific hack, the responsibility is yours to remove the vulnerability.

      Assuming it's a site hack - moving to another host is not going to help as you are just taking the problem elsewhere. Granted, it might take a while for another hacker to find you, but it will just be a matter of time.

      Using ftp find out the exact date/time that the pages were overwritten, then ask your host to examine the server logs for that time and a couple of mins either side.

      Comment
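The log check described in post #17, as an added example that is not part of the original thread: it keeps only the access-log requests within a couple of minutes of the overwrite time and lists write-capable methods first. The Apache-style log format, the log lines, the IP addresses (documentation ranges), the file names and the overwrite time are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed format: Apache/NCSA common or combined access log.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
WRITE_METHODS = {"POST", "PUT", "DELETE"}  # methods that can change server content

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # %z keeps the logged UTC offset, so comparisons are timezone-safe.
    rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def requests_near(lines, overwritten_at, minutes=2):
    """Requests within +/- `minutes` of the overwrite time, write-capable first."""
    window = timedelta(minutes=minutes)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and abs(rec["when"] - overwritten_at) <= window:
            rec["write_capable"] = rec["method"] in WRITE_METHODS
            hits.append(rec)
    return sorted(hits, key=lambda r: (not r["write_capable"], r["when"]))

# Constructed sample data (not from the attached logs); file names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2008:03:05:00 +0000] "GET /acatalog/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Sep/2008:03:12:30 +0000] "GET /acatalog/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Sep/2008:03:13:10 +0000] "POST /cgi-bin/example.pl HTTP/1.1" 200 512',
    'not a log line',
    '198.51.100.4 - - [01/Sep/2008:04:14:30 +0100] "GET /acatalog/index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Sep/2008:03:16:01 +0000] "GET /acatalog/index.html HTTP/1.1" 200 5120',
]
# File time as read over FTP, converted to UTC (FTP listings may show server-local time).
OVERWRITTEN_AT = datetime(2008, 9, 1, 3, 14, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for r in requests_near(SAMPLE_LOG, OVERWRITTEN_AT):
        flag = "WRITE" if r["write_capable"] else "     "
        print(flag, r["when"].isoformat(), r["ip"], r["method"], r["path"], r["status"])
```

If nothing in the web log falls inside the window, the overwrite probably did not arrive over HTTP, and the same window is worth applying to the host's FTP and login logs.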


        #18
        OK, you seem to have missed some of the users' questions here.

        Mike Asked "Yanni, did you change your usernames and passwords after the previous hacks?"

        Gabe And Jo Asked "Yanni, it's imperative that you tell us EXACTLY what other software is installed on your server"

        and "then you need to tell us if you are running anything else in your webspace - anything other than actinic"

        Changing host is not like changing email addresses. We have already paid for the year
        Maybe it's not as easy but it sure ain't difficult. So you happy to carry on being hacked for the sake of a few quid?

        do a search for IXWEBHOSTING hacked

        and like Lee I have never heard of them

        My host is IXWEBHOSTING which is one of the biggest hosting companies in the globe!! How can it be the web host?
        Well, they should know better then. Perhaps biggest is not always the best, and to be honest, do they care about the customer? So you leave and take your few quid with you; I doubt they would even notice.

        Seriously, pack ya bags and move IMHO



          #19
          File permissions for DD directory

          Could someone let me know what's the value for file permissions on the:

          mysite.co.uk/acatalog/DD directory ?

          At the moment it is on value 777, with all the following boxes ticked:

          User: Read, Write, Execute
          Group: Read, Write, Execute
          World: Read, Write, Execute

          www.grafea.co.uk
          Vintage Leather briefcases

          http://www.grafea.com
          Designer leather bags
          --------------------------
          Yanni Kioupouroglou



            #20
            Yanni, you'll not find your answers without doing as we've already said.

            GO to your host, MAKE them give you the logs.

            Until this happens, you'll panic, and your observations won't be in solid fact.



              #21
              I get the feeling someone is NOT listening



                #22
                We're not attacking you Yanni, we're trying to help noobs like you help yourselves.



                  #23
                  I have attached the logs as a Word file, zipped.

                  The directory in question is: mysite.co.uk/acatalog/drwxrwxrwx/halifax-online.co.uk/

                  I have changed passwords since the last attacks. The last attacks were on the .com site. Now it is on the .co.uk.

                  I'm only running Actinic on these sites.
                  www.grafea.co.uk
                  Vintage Leather briefcases

                  http://www.grafea.com
                  Designer leather bags
                  --------------------------
                  Yanni Kioupouroglou



                    #24
                    I've traced the hacker's IP 87.70.154.242, seems to be in Jerusalem!
                    www.grafea.co.uk
                    Vintage Leather briefcases

                    http://www.grafea.com
                    Designer leather bags
                    --------------------------
                    Yanni Kioupouroglou



                      #25
                      Yanni, that's not really going to help you at all. How they hacked you is more important, and reading through the internet this seems to be a common problem with your host.

                      I have to say after three attempts I would be off like a shot. Unless you have loads of spyware on your PC and someone has obtained your FTP details, which let's face it ain't hard for a keylogger.



                        #26
                        I've analyzed this log (because I'm kind like that).

                        This log shows a classic compromised server, used to harvest bank details from halfwit Halifax users. What it doesn't show is HOW you were compromised, only that malicious actions took place.

                        There are dozens of files, mostly red herrings, scattered across the server. This is designed, basically, to keep people mucking around and worried while the script collects more bank details.

                        I don't think that a flaw in Actinic did this. I think your host's poor record for security did this. I'd consider ALL of your customers' personal data potentially compromised.

                        Your site was host to some pretty nasty phishing scripts. Move hosts NOW.



                          #27
                          All right, thanks for that.

                          I don't store any personal details of customers other than names and addresses, as all payments are handled by PayPal.

                          Thanks for your help. Any suggestions for a good safe host?
                          www.grafea.co.uk
                          Vintage Leather briefcases

                          http://www.grafea.com
                          Designer leather bags
                          --------------------------
                          Yanni Kioupouroglou



                            #28
                            Originally posted by Yanni:
                            "I don't store any personal details of customers other than name and addresses as all payments are handled by paypal."

                            Epic fail:
                            customers type their name, email and addresses into forms online, in Actinic. It's trivial to hijack them with access to the Perl and HTML forms online. With this information, havoc can ensue. Imagine if the hacker phoned your company and quoted his name, account number and email address, and then demanded that you send a trendy bag that was 'lost' in the post.

                            ...and whatever you do, don't use 123-reg.



                              #29
                              Sure, once the orders are downloaded on my PC they vanish from the server, and I do that once every day.

                              These hackers are one in Israel and the other one in Abuja! To require a free leather briefcase, he will need to quote the tracking number from city-link, and I have access and can check whether a particular bag was delivered or not.

                              To be honest, my worst nightmare is not whether they can get away with a free bag or not but the reputation of the site against Google. You don't want your site to be associated with some Russian porn site.

                              To make matters worse, this morning I've had an email from RSA.com prevention team threatening me to close the site down!

                              Oh well... now keep on searching for a new host!
                              www.grafea.co.uk
                              Vintage Leather briefcases

                              http://www.grafea.com
                              Designer leather bags
                              --------------------------
                              Yanni Kioupouroglou



                                #30
                                Originally posted by Yanni:
                                "To make matters worse this morning I've had an email from RSA.com prevention team threatening me to close the site down !"

                                RSA can't close you down. They are a security company offering services; I would be more worried about the FBI and MI5.

                                Interesting news article though: http://news.bbc.co.uk/1/hi/technology/7584258.stm
