Well, it seems your website is defaced, as I read in the first post, not hacked. There is a serious difference between a defacement and a hacked server.
Defacement of a server means that they gained access through a scripting error, a MySQL injection or a backdoor in a (nulled) script. But it is not restricted to scripting only; it could mean that your server is running software that is not up to date (apache, php, exim, or whatever is installed and running).
How to proceed: make sure that on your end you have up-to-date software, install security patches every time they are released, and keep your server up to date (or ask your hoster). Tell your hoster that you have been defaced (maybe ask for access, error and other logs regarding your domain, as you cannot reach it yourself).
Look over your directories for malicious code; sometimes they are able to upload just a bit of code and redo the defacement. As I see in your first post, the guy or girl who did this is posting it to let you know there is a security flaw in your config or scripting. Google his/her name and you might find a solution to your problem, or even a contact email, and ask him/her what he/she did and how to solve it.
There is mostly one solution to defacements: update, update, update, over and over again.
My suggestion is to find out how he got in, if you have SSH access this shouldn't be too hard. Have a look at the access logs, error logs, look for files that were modified the last x days (find /home/you -iname "*.*" -mtime -60 -print) => replace 60 by the amount of days.
If you need any help (only with SSH access) I'm available for hire to have a look :P
Defacements are not done to show the admin of the site that there is a flaw; they do it to gain respect in the "Hacker world".
When a site is defaced it is submitted to http://www.zone-h.org/ which basically logs the total hacks / defacements of the group and so forth. As someone said earlier, if you're using anything nulled, STOP and get the real deal. Whenever something is hacked on our servers we do a format and restore. But it's pretty rare for us to be hacked; it has never happened on our hosting servers and I welcome anyone who wants to make a name for themselves to give it a try. For those that might try and open up PuTTY and say OH OHHHMYGHGHGHGHGHG ROOT AUTHORIZATION OMG NOOB, no. People who need to change to a different port are the noobs, because any hacker has a port scanner and can easily find out what port SSH is listening on. Unless you go with key auth, then you can just get into their PC.
If you think you might have had a key logger on your PC then yes, format it. Also, if you're using legitimate software, google the version number to see if there are any exploits listed. 0day exploits are usually out to the public within a week. As for whoever said you can check the logs if it's a VPS or dedicated... just, I'm speechless. A good hacker doesn't leave a trace, and please don't reply with "IF THEY USE A PROXY I CAN FIND OUT". Hackers are far beyond proxies and are well protected (if they're smart...).
Pro tip: if you find your site on the zone list and it says multiple site defacement, then your server has been exploited and your host is not aware, and in all honesty... you should move if this is the case.
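Added example, not part of any post in this thread: the modified-file search suggested above, written as POSIX shell and extended to check ctime as well as mtime and to drop the name filter, so extensionless and backdated files are not missed. The function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: post-defacement file triage for a web root.

# Files whose content (mtime) or inode metadata (ctime) changed in the last
# $2 days. No name filter, so files without a dot in the name are included.
recent_changes() {
    find "$1" -type f \( -mtime "-$2" -o -ctime "-$2" \) -print | sort
}

# Files with a recent ctime but an older mtime. touch can set mtime back but
# not ctime, so a backdated upload lands here. chmod, chown, rename and
# archive extraction do the same, so treat hits as leads to review.
backdated_files() {
    find "$1" -type f -ctime "-$2" ! -mtime "-$2" -print | sort
}

# The search as written in the thread, kept for comparison.
thread_search() {
    find "$1" -iname "*.*" -mtime "-$2" -print | sort
}

# Constructed sample tree (hypothetical file names); prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    echo '<html></html>' > "$d/index.html"     # fresh mtime and ctime
    echo 'data' > "$d/uploads/readme"          # fresh, no dot in the name
    echo 'data' > "$d/uploads/old.php"
    touch -t 200001010000 "$d/uploads/old.php" # mtime backdated to 2000
    echo "$d"
}

# Usage: sh triage.sh [DIR] [DAYS]; with no DIR the sample tree is used.
days=${2:-60}
if [ -n "${1:-}" ]; then root=$1; else root=$(make_sample_tree); fi
echo "Changed within $days days (mtime or ctime):"
recent_changes "$root" "$days"
echo "Recent ctime, older mtime:"
backdated_files "$root" "$days"
if [ -z "${1:-}" ]; then rm -rf "$root"; fi
```

On the sample tree the thread's search reports only index.html, while the ctime check also surfaces uploads/old.php and uploads/readme.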