
Many of my sites are hacked!!

Discussion in 'BlackHat Lounge' started by catwithhat, Jun 27, 2011.

  1. catwithhat

    catwithhat Jr. VIP Jr. VIP Premium Member

    7 of my sites look like this now. Crazy! Go to hell KurDish HaCkerZ!

    Code:
    http://www.eveonlineships.net/
    This is my first time getting hacked by someone and I don't know what to do next. I caught sight of the hacking just a few minutes ago...:confused:
     
  2. eric_corley

    eric_corley Newbie

    What CMS are you using? May be a good idea to get a new host.
     
  3. HeXeR

    HeXeR Junior Member

    Google cache -> <meta name="generator" content="WordPress 3.1.2" />

    Check plugins, reset FTP passwords and yeah get new host if your sites were clean.
     
  4. schwarz

    schwarz Newbie

    Your WP admin name is "admin"? Then Google for: "Anatomy of a wordpress dictionary hack"
    First result. Scroll down to see the useful links...
     
  5. glockson

    glockson Registered Member

    It's the server's fault; he simply replaced your default index page with something like default.htm. I won't be surprised if you find default.html, index.cfm, index.htm and all other variations. He only has access to write but not replace. It's a very weak hack; just set your default document to be index.php and he will never overwrite it.
     
  6. BugFixed

    BugFixed Junior Member

    If not from server level, it can be from your email, which has sensitive data, or from these parameters:

    eve-online-ships-sel.php?classe=NN&faction=NN&desc=eve-online-ships-assault ships

    Not sure if your script has been secured.
     
  7. skinhead

    skinhead Registered Member

    Download this one for free:

    HTML:
    http://iscanner.isecur1ty.org/
    iScanner is a free open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically. iScanner will not only show you the infected files on your server, it is also able to clean these files by removing the malware code ONLY from the infected files.
    This tool has been programmed by iSecur1ty using the Ruby programming language and it's released under the terms of the GNU Affero General Public License 3.0.



    Current Features:


    • Ability to scan one file, directory or remote web page / website.
    • Detect and remove website malware and malicious code in web pages. This includes hidden iframe tags, javascript, vbscript, activex objects, suspicious PHP code and some known malware.
    • Extensive log shows the infected files and the malicious code.
    • Support for sending email reports.
    • Ability to clean the infected web pages automatically.
    • Easy backup and restore system for the infected files.
    • Simple and editable signature based database.
    • You can easily send a malicious file to the iScanner developers for analysis.
    • Ability to update the database and the program easily from iScanner's server.
    • Very flexible options and easy to use.
    • Fast scanner with great performance.
    • Yes, it's FREE!!

    Working On:


    • Extending the database to make it able to detect viruses and malicious files.
    • Standalone version works on top of JVM.
    • Microsoft Windows compatibility.
    • Export log in other formats (xml, html).
    • Build remote scanner service with API.
    • Any ideas?
     
  8. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    I bet you got a virus on your computer and it went through your FTP to your sites. That happened to me before.
     
  9. thetraveller

    thetraveller Senior Member

    Yes, it happened to me with FileZilla if you saved the passwords.. bad days..
     
  10. cnick79

    cnick79 Jr. VIP Jr. VIP

    This just happened on one of my shared hosting accounts. I noticed all of my websites had their root index.php file replaced with the "hacker's" and a Mailbox.php file.

    I like how these guys call themselves "hackers" when they really seem to be script kiddies running PW crackers on blogs. In the end, it was my fault for using a weak PW.
     
  11. catwithhat

    catwithhat Jr. VIP Jr. VIP Premium Member

    I have a few questions:

    1) I was wondering, can Hostgator provide me with a system restore to restore my sites to an earlier date?
    2) I'm thinking of following this tutorial: http://smackdown.blogsblogsblogs.co...ely-clean-your-hacked-wordpress-installation/
    I'm curious about point 4, which tells me: Delete all of the files and folders in the WP directory, either through FTP (slower) or through cPanel's File Manager (faster).
    How could this harm my SEO and Google rankings?
    3) Do I have to create new MySQL databases also?

    I just don't want to mess up anything. Mostly I worry about my sites losing rankings and my previous SEO work going to waste.

    I can provide you with all needed information (passwords etc.) if you can/want to help me personally... :)

    Thank you!
     
  12. BugFixed

    BugFixed Junior Member

    1. I doubt it, HG has daily backup.
    2. No, it won't affect your SEO and G PR.
    3. Not necessary, BUT the first thing to do before anything is to view your WP config file and make a note of the database configuration, like:
    database name, database username, database password.

    I didn't read the link in point 2.
    The easiest way is to replace all files on the server with extracted WP files from your PC via FTP. DON'T REPLACE WP-config.
     
    • Thanks Thanks x 1
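
Added example, not part of the thread or any poster's code: a POSIX shell function that compares the live WordPress directory with a clean extracted copy of the same version, which is the comparison the replace-from-clean-files advice above relies on. It surfaces dropped files such as the default.htm or Mailbox.php mentioned earlier in the thread; the function name `wp_tree_diff` and the choice to skip wp-config.php and flag only script files under wp-content/uploads are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: wp_tree_diff CLEAN_DIR LIVE_DIR
# Prints one line per finding, paths relative to the WordPress root:
#   MODIFIED path   file exists in both trees but content differs
#   EXTRA path      file exists only in the live tree
#   MISSING path    file exists only in the clean tree
wp_tree_diff() {
    clean=$1; live=$2
    [ -d "$clean" ] && [ -d "$live" ] || {
        echo "usage: wp_tree_diff CLEAN_DIR LIVE_DIR" >&2; return 2; }
    # Pass 1: walk the live tree and classify each file.
    (cd "$live" && find . -type f | sed 's|^\./||' | sort) |
    while IFS= read -r f; do
        case $f in
            wp-config.php) continue ;;   # site-specific, never in a clean copy
            wp-content/uploads/*)
                # Uploads are user data; only script files are suspicious here.
                case $f in *.php|*.phtml|*.cfm) echo "EXTRA $f" ;; esac
                continue ;;
        esac
        if [ ! -f "$clean/$f" ]; then
            echo "EXTRA $f"
        elif ! cmp -s "$clean/$f" "$live/$f"; then
            echo "MODIFIED $f"
        fi
    done
    # Pass 2: core files that were deleted from the live tree.
    (cd "$clean" && find . -type f | sed 's|^\./||' | sort) |
    while IFS= read -r f; do
        [ -f "$live/$f" ] || echo "MISSING $f"
    done
}
```

Installed plugins and themes that are not in the clean copy also show up as EXTRA, so review those entries against their own clean packages before deleting anything.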
  13. inen123

    inen123 Newbie

    Okay. All sites are okay now, but one problem still needs to be solved. Can anyone help me with this? hxxp://communicationintheworkplace.net. Seems like the hackers somehow deleted the wp-config file from the WP directory. Any suggestions on how to restore this file, maybe some MySQL backup or something? Thanks a lot!
     
  14. SahL

    SahL Elite Member

    HTML:
    http://www.eveonlineships.net/
    Your site is perfectly fine?
     
  15. twitter.followers

    twitter.followers Elite Member

    It's working fine for me.
     
  16. inen123

    inen123 Newbie

    I'm catwithhat's twin brother; I'm asking for solutions from my username. This site works perfectly, but something is still wrong with one of our sites: hxxp://communicationintheworkplace.net

    Thanks!