1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my site was hacked today any help

Discussion in 'Blogging' started by yuyo, Nov 10, 2010.

  1. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    my site was hacked today, when you visit my site you will only see this

    ./h311 c0d3 & Hacker-Man


    any help how to prevent this for happening in the near future?

    thank you in advance..
     
  2. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    Where do you host? Did they hack wordpress? A static HTML/PHP website? A forum?
    Which plugins did you use?

    Provide some more info and you can get tips.
     
  3. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    all sites in wordpress hacked also some in html , hosted in justhost//

    too bad man..
     
  4. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    Sorry to hear that man, that really sucks. If you find out how they got in please share with the rest of us so we can avoid such a situation. Hopefully you've contacted justhost for a solution, I don't know much about them.
     
  5. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    so far i made backups of those sites before, and they are all up and running, i just uploaded the index page from the backups, but i wish to find out how they got in?
    to stop them the next time..
     
  6. menusforyou

    menusforyou Registered Member

    Joined:
    Aug 26, 2009
    Messages:
    76
    Likes Received:
    103
    Occupation:
    Trying to make another 100 off Adsense
    Location:
    Pinellas County
    Your hosting should have login records to your c-panel or if you turned ftp access.

    This is the most common way other than hacking your wp from the wp-admin with brute force.


    I used to crack ftp sites back in the day.

    Check with them 1st to get a file change date on each of the sites. This gives a time stamp.

    Plus an IP aswell.... This Ip can come inhandy if you lost alot of income.

    Post what happened.
     
  7. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    ok i will contact them..
     
  8. paincake

    paincake Power Member

    Joined:
    Aug 18, 2010
    Messages:
    716
    Likes Received:
    3,099
    Home Page:
    Which WP version and what plugins did you have?

    Did you by any chance have cforms or mygallery plugins installed?
     
  9. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    I feel for your pain.

    Can you please tell me which protocol do you use on your FTP with just host?
    A very important thing is to NEVER use purely FTP. And you can contact them to block access via non SSL logins.

    Now to maintenance.

    1) Use WP-DB-MANAGER on a bi-weekly basis. It backup and emails your database. >> hxxp://wordpress.org/extend/plugins/wp-db-backup/

    2) Add the following line to your main .htaccess file (VIA FTP):
    " Options -Indexes " (Without the dashes).

    It prevents directory listings which is very vulnerable.
    Sometimes it is already set. I don't know how Justhost is.

    They are supposed to be a fair host.

    Remember that nothing is bullet proof. You must maintain backups at least weekly / and daily if you run active sites.
    In addition; any wordpress plugin which contain forms is a weak point (SQL injections) >> Avoid them if possible.
     
    • Thanks Thanks x 2
    Last edited: Nov 10, 2010
  10. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    i have in somes sites cforms pluging.. I use core ftp le version..
     
    Last edited: Nov 10, 2010
  11. TheDaemon

    TheDaemon Newbie

    Joined:
    Sep 29, 2010
    Messages:
    14
    Likes Received:
    1
    Most open source solutions have these types of flaws. Because the source is available to anyone who wants to view it, any hacker can scour through the code to find flaws and exploit them.

    That's the tradeoff you have for using open source free software, I'm afraid.

    One of the main things you can do to help with this is make sure that automatic updates are made of your Wordpress versions. This can help with exploits that have been discovered and patched. This lessens the time that an exploit is publicly known to when it is patched on your server. If your host doesn't offer the automatic updates, move to one who does. Leaving an old version of Wordpress, PHPBB or any other commonly used open source software is like leaving the keys to your home outside your house.

    An additional .htaccess and .htpassword file in your wp-admin directory might help as well. It is very easy to do this if you have SSH access to your server, a simple Google search will show you how to password protect a directory. This will at the very least prevent someone who doesn't know the directory password from gaining entry into your admin section. I've personally seen a couple of exploits that require the /wp-admin directory to be available to work.

    There are other things that can be done, and they are more advanced, but the main things would be the ones I mentioned above. Good luck and always keep good backups.
     
  12. soinc16

    soinc16 Regular Member

    Joined:
    Jun 26, 2010
    Messages:
    369
    Likes Received:
    176
    Occupation:
    A dude
    Location:
    Canada
    You got defaced by HackFourms or ***** probably, move on and secure it because some hackers sell vulnerable websites.
     
  13. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    you guys rock, this is the reason BHW is my number 1 site, for all these good people that often come here and help others.

    i appreciated all that bothered in submit your comments about my recent issue.
     
  14. elocin

    elocin Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 26, 2010
    Messages:
    284
    Likes Received:
    79
    My hosting provider was hacked this morning also... Some Iranian hackers.. Said it was in the name of God. LMAO....

    I feel your pain brother... Hang in there, as am I.
     
  15. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    If You have already Fixed it, Let me know!

    And IF its not yet done, Shoot me with INfo, I will get it done!

    ~ExP~
     
  16. yuyo

    yuyo Regular Member

    Joined:
    Oct 29, 2008
    Messages:
    478
    Likes Received:
    24
    I just contacted justhost, they offered me that they will restored the whole system for me form their last back up on Nov 6. I can not ask for anything else.

    I want to thanks all for cooperation and ideas.. and for Elocin please contact your hosting provider tell them what happened to your sites they should be able to help you, to get back..

    cheers.

    Yuyo
     
  17. ┼blackrat┼

    ┼blackrat┼ Senior Member

    Joined:
    Jul 31, 2010
    Messages:
    899
    Likes Received:
    729
    Location:
    Sewer
    WP is very vulnerable as it comes.

    But there are a few things you can do.

    For example, there´s this plugin that blocks an IP after x number of failed login attempts. So you´re protected from brute force. However people are very creative and it´d not be surprising if some hacker made a custom brute force script which rotates proxies. People are pure evil sometimes =)
     
    Last edited: Nov 11, 2010
  18. elocin

    elocin Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 26, 2010
    Messages:
    284
    Likes Received:
    79

    They are doing server reset and should be finished soon. However, Ive been editing WP sites everyday for 2 weeks, so it will be interesting to see what's on their back ups. :confused:

    Here's what the hackers left on the websites being hosted on that server.
    edit: I cant post pics or links.....
     
  19. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    CAN YOU ****ING DISABLE YOUR ANONYMOUS FTP??

    once, My site in Justhost was hacked :) The hackers left their email ids :D I added one in my yahoo :D And He wanted some donation to fix it :D

    And With in a Nap, he started showing me Different Hacker Pages on my homepage :D Passwords wasnt the one he was using :D

    And I just went, Turned of the Anonymous URL, And Hacker Went Offline :D :D And He later told me that, He could have ****ed my Cpanel already, and now he is nowhere to be in :D

    So See? Just Disable it! :)

    ~ExP~
     
  20. elocin

    elocin Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 26, 2010
    Messages:
    284
    Likes Received:
    79
    My "Site" wasnt hacked.. The hosting company(Their Server) was hacked and every single site being hosted with them had a a page from the hackers on their website homepage instead of our content... Got the same page when trying to log into the cpanel...