1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Website Down.....Or is it...Need some advice .

Discussion in 'Web Hosting' started by Duffers5000, Jan 12, 2013.

  1. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,466
    Likes Received:
    7,615
    About 8 months ago my sites got hacked.

    Turned out to be a server side hack and Hostgator were excellent and were able to reinstall all my wordpress sites.

    Unfortunately I lost a html site that I had been building and had no backup(I learnt a lesson that day)

    So the site was gone and if I typed in the url all I got was a white sheet. Didnt worry about it too much was just happy to get my main sites operating again. This morning I decided to look into opening an Amazon review site just to try out something different. I figured the domain of the dead site would work well so I pulled that up, when I was clicking the link in my history bar I didnt click the www.domain/ I clicked www.domain/inner-page and there it is. My entire site is still intact its just the home page that appears to be gone.

    As it turns out the site is better than I remember so I want to get it running again. So looking for suggestions on what might be wrong and what I should be doing to get it running again.

    Many thanks
     
  2. allenpaul123

    allenpaul123 Regular Member

    Joined:
    Mar 29, 2011
    Messages:
    209
    Likes Received:
    71
    Location:
    Internet
    Check for index.html/index.htm at root directory of your site. I think index.html was mainly targeted by hackers.

    EDIT: Check HTML source of the blank homepage visible in your browser, is there any code written?
     
    • Thanks Thanks x 1
  3. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,066
    Likes Received:
    2,872
    Gender:
    Male
    Backdoors can be injected anywhere. Your best try would be to search for common spam codes like eval, base64_decode and so on. Use an editor like Dreamweaver or netbeans and search in the whole project.

    It does help if you have good programming skills. cheers..
     
    • Thanks Thanks x 1
  4. tnhomestead

    tnhomestead Regular Member

    Joined:
    Oct 9, 2011
    Messages:
    385
    Likes Received:
    253
    Location:
    Tenneessee USA
    Home Page:
    Sounds like they either overwrote your index file or changed the name. Look for index.htm or index.html also look to see if there is a index.php, depending on how your setup and what the hackers did. Also like suggested above, when you get the white page, click view source in your browser will give you some ideas on whats going on.
     
    • Thanks Thanks x 1
  5. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Your index file is gone.

    index.htm
    index.html
    index.shtml
    index.php
    index


    Just rebuild that and you'll be good. I would however recommend downloading the files and looking for any malicious code. Hackers will normally put it at the top/bottom of the file in PHP. Usually encoded using gzip/zip/base64/rot13/eval statements. May also be obfuscating the variable names and using a character shift. Pretty much if it looks odd and long, it's malicious. You can use notepad++ to search a directory of files for a string so you could search for those functions. If you have access via SSH you can use grep.
    Code:
    grep -r "eval" .
    If I recall that's it.

    Also worth searching for anything using curl. That could download new malicious files.
     
    • Thanks Thanks x 1
  6. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,466
    Likes Received:
    7,615
    Thanks for the replies. Going to start working on it this evening to see what I can do.