1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My site has been hacked :(

Discussion in 'Blogging' started by anti_dote, Jan 7, 2012.

  1. anti_dote

    anti_dote Power Member

    Joined:
    Dec 20, 2009
    Messages:
    658
    Likes Received:
    153
    Occupation:
    BlackHat IM
    Location:
    Under Your Bed
    Wow I need help my site has been hacked, I have lost the admin password and ALT email.

    it says this error
    "$ Hacked by ghost-dz
    $ Osm Dz Attack"

    when i ran a scan on Sucuri Site check this is what I found

    Code:
    Web site defaced. 
    Details: [URL]http://sucuri.net/malware/entry/MW:DEFACED:01[/URL]
    <title>Hacked by ghost-dz</title> 
    
    Please can someone help me I am using this site as my final year project at my college :( WTF
     
  2. BlackTagine

    BlackTagine BANNED BANNED

    Joined:
    Aug 24, 2011
    Messages:
    378
    Likes Received:
    33
    DZ hackers are under your bed now ??am sorry for you , hope someone solve your issue soon !!Is this a wp blog by the way ??
     
  3. anti_dote

    anti_dote Power Member

    Joined:
    Dec 20, 2009
    Messages:
    658
    Likes Received:
    153
    Occupation:
    BlackHat IM
    Location:
    Under Your Bed

    Yup, basically the site is there I mean all my pages are there but there were few pages that were never filled those empty pages gives this error, beside I lost my Admin password and Editor password.

    Damn I wish I would have a taken a backup earlier(clean one) but duh.
     
  4. keadams26

    keadams26 Regular Member

    Joined:
    May 9, 2009
    Messages:
    462
    Likes Received:
    274
    Home Page:
    Contact your web host.
     
  5. download

    download Jr. VIP Jr. VIP Premium Member

    Joined:
    May 4, 2010
    Messages:
    1,271
    Likes Received:
    712
    Location:
    USA
    Your hosting provider may have an automatically generated backup. Just hope for that :p
     
  6. BlackTagine

    BlackTagine BANNED BANNED

    Joined:
    Aug 24, 2011
    Messages:
    378
    Likes Received:
    33
    I found this email from wordpress firewall my website is still up
    but don't know what will happen soon !

    WordPress Firewall has detected and blocked a potential attack!

    Web Page: $offending_url
    Warning: URL may contain dangerous content!

    Offending IP: 178.137.166.209 - http://ip-lookup.net/?ip=178.137.166.209
    Offending Parameter: $_FILE = index.bak.php

    This may be a "Executable File Upload Attack."

    Can any one say what this file "index.bak.php" if it's uploaded in my server ???
     
  7. Virus1

    Virus1 Supreme Member

    Joined:
    Dec 13, 2010
    Messages:
    1,326
    Likes Received:
    1,409
    Occupation:
    destroyer of worlds...
    Location:
    Welcome to Black Hat World........................
    Home Page:

    That could be some type of silent install....
     
  8. poweronics

    poweronics Jr. VIP Jr. VIP Premium Member

    Joined:
    May 1, 2011
    Messages:
    3,117
    Likes Received:
    353
    Occupation:
    Freelancer
    Home Page:
    Your hosting company seems to be sleeping !!!
     
  9. anti_dote

    anti_dote Power Member

    Joined:
    Dec 20, 2009
    Messages:
    658
    Likes Received:
    153
    Occupation:
    BlackHat IM
    Location:
    Under Your Bed
    I have sent an email to hosting providers but I guess those suckers are sleeping, plus I do not believe that they can do something :( am I Doomed ? :(:(
     
  10. David123456789

    David123456789 Newbie

    Joined:
    Jan 6, 2012
    Messages:
    9
    Likes Received:
    0
    wow that sucks
     
  11. David123456789

    David123456789 Newbie

    Joined:
    Jan 6, 2012
    Messages:
    9
    Likes Received:
    0
    badlllllllllly
    \
     
  12. BlackSeng

    BlackSeng Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    1,963
    Likes Received:
    3,519
    Occupation:
       
    Location:
    SG50
    Nice way of trying to inflate your post count. All useless posts. Reported.
     
    • Thanks Thanks x 1
  13. idsignup

    idsignup Junior Member

    Joined:
    May 4, 2011
    Messages:
    195
    Likes Received:
    8
    Home Page:
    what's your framework?
     
  14. ibmethatswhoib

    ibmethatswhoib Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 17, 2011
    Messages:
    1,560
    Likes Received:
    1,156
    Occupation:
    Staying Informed
    Location:
    Bay Area, Ca
    Home Page:
    I just got that too.

     
    Last edited: Jan 12, 2012
  15. sohping

    sohping Newbie

    Joined:
    Dec 18, 2011
    Messages:
    25
    Likes Received:
    2
    if your website is wordpress, try to re install wordpress.. or go to your ftp main root of the website. erase all you have uploaded and check if it is still hack. if not re upload all file you have upload from the start.

    if does this not word contact you webhost provider to fix the issues
     
  16. mark27

    mark27 Regular Member

    Joined:
    Dec 19, 2011
    Messages:
    224
    Likes Received:
    105
    This is probably a good time for everyone reading to backup everything they have.

    Personally I can't sleep at night if I don't have at least a backup folder on my hard drive and another backup folder on my external hard drive. For stuff like my main accounts/passwords I keep that on good old fashioned paper tucked away nicely, but I'm what most people call paranoid.
     
    • Thanks Thanks x 1
  17. anti_dote

    anti_dote Power Member

    Joined:
    Dec 20, 2009
    Messages:
    658
    Likes Received:
    153
    Occupation:
    BlackHat IM
    Location:
    Under Your Bed
    Yup are right that how you can do this damage control, for the record yes I had to uninstall the Wordpress installation and created the website again from scratch and this time took the backs ups, so if you wish to avoid any such incident create your backups.


     
  18. markhenry121

    markhenry121 Elite Member

    Joined:
    Oct 14, 2011
    Messages:
    2,149
    Likes Received:
    239
    You should contact with your hosting company they will solve your problem.
     
  19. everythingred

    everythingred Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 21, 2010
    Messages:
    1,869
    Likes Received:
    1,232
    anyone have any plugins that they recommend to prevent these things?
     
  20. MitchHoward

    MitchHoward Junior Member

    Joined:
    Jan 16, 2010
    Messages:
    192
    Likes Received:
    96
    - ultimate-security-checker.

    Other plugins to use to stop/delay hacking attempts to your site:
    login-lockdown - will allow only 3 failed attempts before locking the site for 15 minutes before allowing login again.
    secure-wordpress - will add empty index.php file into all directories to prevent browsing

    Some of the basic things you could do yourself:
    1. EVERY directory (Including images, upload, download etc) should have an empty index.php file - without this empty file people can browse and see what is inside those directories (secure-wordpress will assist in this task)
    2. By default Wordpress installation offer "admin" as the login ID - So if you use "admin" as the default login, the hackers already got your UserID - now they only need to run a hacking script against your site to crack the password!
    3. The default prefix for databases is the first 8 characters of your domain name - Again the hackers already got the first part and to figure out the rest is childs play for them! (This and more is addressed by the ultimate-security-checker plugin)

    So download and install the ultimate-security-checker plugin plus the other 2 suggested
     
    • Thanks Thanks x 6