PDA

View Full Version : My Sites been hacked!



Blue Cat Buxton
06-25-2004, 04:53 AM
The one in my link

It looks like they just replaced the index file - but left the original in place

the messagethe left can be seen at:http://www.wideopenspaces.co.uk/indexhack.html

How can I stop this happening?

tomek
06-25-2004, 05:04 AM
inform your web-hosting provider about it!
do you use any scripts on your page? (e.g. forum script etc.) - they can be a problem... if you are - be sure to use the most up to date version of them...

and...

it wasn't me :rolleyes:

chromate
06-25-2004, 05:38 AM
Most likely cause if they replaced your index file is poor choice of passwords. Or they may have first hacked your computer (where your passwords are most likely stored) and then used them to access your site.

As tomek says, inform your host. They may have hacked in at a deeper level and then worked up to where your site is stored.

Check your ftp / web / error logs and see if you can find out what happened.

incka
06-25-2004, 05:58 AM
If you are using CPANEL look at your ftp access logs, get their IP address and contact FBI (I doubt british police will do anything).

Chris
06-25-2004, 06:21 AM
If you host on windows there are scripts that can hack into your box automatically.

Blue Cat Buxton
06-25-2004, 06:32 AM
Thanks for the advice guys...

inform your web-hosting provider about it!

Done this, waithing for a reply...


Most likely cause if they replaced your index file is poor choice of passwords. Or they may have first hacked your computer (where your passwords are most likely stored) and then used them to access your site.

I thought the password was secure, but have changed it anyway

just going through the access logs now

Would the FBI be interested?

incka
06-25-2004, 06:36 AM
People who hack often hack alot and know other hackers. If you have an IP address of a hacker the FBI could use it to track down the hacker and other hackers.

Blue Cat Buxton
06-25-2004, 06:55 AM
I cant get onto the ftp logs, looks like they may have deleted them.

Still waiting for the host to get back to me :( , but at least the site is back up.

Blue Cat Buxton
06-25-2004, 07:32 AM
Message from host - published on their user forums.....


We have a hacker on our server and many other servers. We think it is a CPanel glitch. Our backup harddrive may not even work in this situation. The hacker "Status-x" has hacked over 1000 websites and will mostlikly get to you. I have back many sites up but back your own while it is still ok. The hacker has been only leaving an index.html file on your main page. But back your site up just incase anything else happens.

Kyle
06-25-2004, 09:38 AM
Move to a new hosting company.