Announcement

Collapse
No announcement yet.

site hacked - how?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • site hacked - how?

    I got to work today to be greeted by a number of phone calls informing me that our website had been hacked.

    When i got online instead of our usual home page there was a page that said [Hacked by LatinHackTeam] and a load of other blibbidy, blah, blah nonsense.

    It isn't a website hosted by WHUK its one we are still waiting to migrate to here.

    Thanks to my dialogues with WHUK support, i took a (not very educated) guess and found that our front page index.php had been changed. I over wrote that file with one from our backup and everything was fine.

    But how did they do it?
    Before I forget - I'm on a Linux Reseller Plan lol

  • #2
    Hi,

    Your website could have been brute forced, exploited or generally logged into. I'd advise you to check email, ftp and database accounts for any suspicious users and change all passwords as a security measure.
    Webhosting.UK.com || cPanel VPS Hosting || Reseller Hosting

    Sales: 0808-262-0855
    Support: 0800-612-8725
    International: +44 191 303 8191

    Comment


    • #3
      Thanks Dan I'll do that...

      Security is one of the topics I need to understand more. I suppose there must be a tutorial or something in the knowledge base, I'll have to go and have a look.
      Before I forget - I'm on a Linux Reseller Plan lol

      Comment


      • #4
        Sorry to hear about that hmcm2006

        Passwords are one of the worst problems when it comes to security measures, generally, as people tend to pick something that's easy to remember, but at the same time it makes it easily guessable, especially via the brute force dictionary attacks that Dan mentioned.

        As Dan said the best course of action is to check all possible accounts, to make sure only the ones you setup are there, and as a security measure change all of the passwords.

        Often overlooked, I would also severely recommend scanning any computers that have access to the site with an up to date virus scanner, as there are some rather nasty trojans around at the moment that can track the likes of ftp logins, which send the data back to the creators, and they can gain access to your site that way. This is one of the ways <iframe> injections have been made possible recently.
        Hexo
        -------
        The man that knows how, is always working for the man that knows why

        Comment


        • #5
          @ hmcm2006 : we are glad to know that your issue has been fixed and website is working fine now

          Yeah, easy to guess passwords are real culprits which may get hacked if our machine gets compromised hence its always recommended to have powerful, updated antivirus on our machine / server which will ensure security from such threats.

          iframe are getting worst, millions of websites have been adversely affected by <iframe> injections... as saying goes " Prevention is better then Cure " hence we should always scan our machine and should avoid unnecessary downloads

          iframe injections are usually done through ftp accounts so you should keep difficult to guess FTP passwords. Also you can request your webhosting service provider to upgrade kernel on your server for better security.
          UK VPS Hosting || Managed Server Hosting || Reseller Hosting
          Webhosting affiliate program can make you earn upto 300 Webhosting UK Affiliate

          Comment


          • #6
            Good morning,

            I recently sent my passwords for RDP and Plesk to [email protected] by mistake.

            I only realised this after not getting a reply.

            I notice that this domain has been bought but may be available, snap it up.

            Bye

            Ian
            Forums are about debating pleasantly not agreeing.

            Comment


            • #7
              Hi Ian,

              Please reset the passwords and make sure the passwords are complicated.

              Webhosting.co.uk is registered since 1996, and is used by Express Hosting provider.

              Comment


              • #8
                Originally posted by IanSmithISA View Post
                Good morning,

                I recently sent my passwords for RDP and Plesk to [email protected] by mistake.

                I only realised this after not getting a reply.

                I notice that this domain has been bought but may be available, snap it up.

                Bye

                Ian
                Thanks Ian I will start working on it.
                Web Hosting UK - ASP MSSQL Hosting - cPanel Linux Hosting
                AIM : webredback || msn : andrew @ webhosting.uk.com
                Toll Free : 0808 262 0855

                Comment

                Working...
                X