Announcement

Collapse
No announcement yet.

Site Hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Site Hacked

    This evening I had my site hacked, some one replaced the index.html file @ /acatalog/index.html with another stating that my site had been hacked. I initially thought I had a virus on my hard drive so I fully scanned it out with my installed virus scan and another online scanner.

    Both showed no threats so I can only assume my hosts server was attacked or some one gained access through ftp? I manually logged on with ftp and found 4 rogue html files and a php file which I deleted and then refreshed the site. All is working now but I'm unsure how this was done.

    I also unsure about what action to take now? I have changed passwords and mailed my host, but is there anything else I should doing?
    Regards
    Rob
    ILUVM Wholesale Silver Jewellery
    http://www.iluvm.co.uk
    http://www.the-free-directory.co.uk

    #2
    You can check your site access logs - might show something.

    Comment


      #3
      Sympathy...

      Have you contacted ....

      http://www.met.police.uk/computercrime/#SO6

      they may offer some assistance, (not much I suspect), but you have to log this sort of thing to raise the importance of this issue which is only going to get worse, (theres no CCTV on the web) ... and crooks know it.......Scotland Yard spend a miniscule amount in their budget on internet fraud.... the ecommerce world will take the brunt until we get together and make it a vote winning issue.

      Not sure what I would do, would you move your site.... does this effect site ranking ... I think it does, if not done with some thought

      http://www.thesitewizard.com/archive/movinghosts.shtml

      Who is your ISP, what did they say ? Perhaps steer clear from them, and inform others of how the problem occurred, again ISP's will shape up if they get enough bad press, well at least get better than they are at the mo.

      S.
      esafetysigns.co.uk
      your instant download portal for self printable health and safety signs and posters
      ... download once use as many times as you like !


      http://www.esafetysigns.co.uk/index.html
      http://www.esafetysigns.co.uk/acatalog/index.html

      Comment


        #4
        would you move your site.... does this effect site ranking
        moving site shouldn't affect ranking as it is the domainname that is indexed by search engines and not the IP or host/server

        Comment


          #5
          Site hacked

          Easyspace is my host and I have have had numerous problems with them. I certainly would not recommend them to anyone. This I can not blame them for, this is one of thoses things that happens I'm afraid.

          They have not replied yet as phone support ends at 5:30pm and e mail support starts although its far quicker to phone in the morning as they do not reply to most e mails until about 24 hours.
          Regards
          Rob
          ILUVM Wholesale Silver Jewellery
          http://www.iluvm.co.uk
          http://www.the-free-directory.co.uk

          Comment


            #6
            If your server space has features you do not use or need often worth either removing them entirely or ensuring any default passwords are changed for things such as PHPmyAdmin, databases etc as they often ship with a default set of passwords that are known to the hacking community


            Bikster
            SellerDeck Designs and Responsive Themes

            Comment


              #7
              Bad Host (easyspace)

              Having spoke to my host easyspace today about my site being hacked, I've decided to dump my host and try to find a host that actually offers a professional service and a little customer support. I do not expect them to correct any errors in scripting, programming, problems etc with my website but myself and my partner have found them to be rude, aggressive and unprofessional. Rant over.

              My host stated that my connection between computer and web space/database probably has been intercepted and the ftp coding has been gained from this. They also stated that this is the only way anyone else can access your webspace.
              I am not knowledgeable enough in these matters to know if this is the only way or not, I'm just worried my webspace is not secure. I asked if the access log would show anything which they said they don't have access to it?
              Is there any danger with my payment providers? I know they are on different servers, use ssl and we do not hold any credit card details. Is there any other data that may at risk?
              Regards
              Rob
              ILUVM Wholesale Silver Jewellery
              http://www.iluvm.co.uk
              http://www.the-free-directory.co.uk

              Comment


                #8
                I know you said you had checked for virus, but suggest you try another couple of virus/worm checkers to see if your computer is infected and sending details to another computer

                I suggest the Microsoft antispywere and also Spybot, Both are free and very good

                Try a search on Google to find them
                Chris Ashdown

                Comment


                  #9
                  Virus scan

                  I've already used Panda, Ewido & Norton. I also use Ad aware, Spybot, windows defender & ccleaner! all show hard drive clear.
                  Downloaded trojan detector but this also showed system clean.
                  Regards
                  Rob
                  ILUVM Wholesale Silver Jewellery
                  http://www.iluvm.co.uk
                  http://www.the-free-directory.co.uk

                  Comment


                    #10
                    Are you sure that the ID and password you use for FTP are the only way to gain access? No 'guest' user ID or Anonymous FTP options (normally, Anonymous give access to a clearly-defined directory set aside for public access, but.... ) Anyway, changing your provider sounds like an essential move in the current situation. A hosting service that doesn't keep, doesn't know how to set up, or won't investigate its site access logs doesn't deserve to survive for very long. Good luck!

                    Comment


                      #11
                      Noticed that within the files added was a php file.

                      There are a number of php applications that hosts deploy or maybe even you deployed onto your site (forums being the main ones) which if not kept up to date can allow the access needed to rewrite pages of the site with a few simple keystrokes... so if you ftp username and password are not of the simple kind, i.e. not names or regular (dictonary words), then would check you do not have php scripts on your domain which might be out of date and allowing hackers in through old vulnerabilities...

                      Just an idea as if you are using a BB forum and you simply install the same version again, then the same thing could happen again as the vulnerabilities still exist... Just some more ideas for you.

                      Comment

                      Working...
                      X