SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Thread: Help - Hackers have taken over my site!

  1. Sep 11, 2010 19:43 #1
    kinkarso
    kinkarso is offline
    SitePoint Enthusiast kinkarso's Avatar
    Join Date
    Sep 2006
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help - Hackers have taken over my site!

    Well, kind of. I was notified by Google that there has been phishing pages uploaded on my website that, of course, I did not initiate. I went through the access logs and saw when and how they were uploaded - through a shell script!

    I was able to trace and delete 3 different shell scripts located at various locations on my site, but as I keep looking, it seems they are everywhere. Is there any way I can do a site-wide malware scan that would pinpoint these buggers so I can get rid of them?

    Thanks,
    Donny
    Follow Me (new!): @donnyouyang
    Founder @ Rayku | Kinkarso Tech
  2. Sep 14, 2010 17:16 #2
    Force Flow
    Force Flow is offline
    Barefoot on the Moon! silver trophy
     Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    3,665
    Mentioned
    21 Post(s)
    Tagged
    1 Thread(s)
    First, change your passwords.

    Second, contact your hosting provider about the situation.

    Third, make sure all the software is up-to-date. That includes apache, PHP, MySQL, wordpress, forum software, etc
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain
  3. Sep 26, 2010 16:32 #3
    mangiaphoto
    mangiaphoto is offline
    SitePoint Enthusiast
    Join Date
    Dec 2006
    Posts
    92
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Changing password wont help if you have a virus ... It usually read ftp accounts from your FTP client...

    1. delete all stored passwords
    2. clean up your computer (or if anyone else had ftp password ask from them to clean their computer too)
    3. change password(s)
    4. see what actually is changed and use backup to restore it...

    Keep in mind that sometimes crackers will upload .htaccess file instead editing your site files and all problematic code will be inside .htaccess.
    www.mangiaphoto.com - daily photo news
    www.serveradminblog.com - Open source tips and tricks
  4. Sep 26, 2010 18:01 #4
    ChrisWiegman
    ChrisWiegman is offline
    SitePoint Zealot ChrisWiegman's Avatar
    Join Date
    Sep 2010
    Location
    Austin, Texas, United States
    Posts
    177
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If your site content is static and hasn't been updated from a while restore a backup from before the problem started and change all passwords. If not, you will need to be VERY careful to clean everything up. This can be easier in Wordpress and some other CMS as you may be able to compare your file structure with a clean install and see where the changes have been made.
  5. Sep 28, 2010 15:15 #5
    linux7802
    linux7802 is offline
    SitePoint Member linux7802's Avatar
    Join Date
    Dec 2009
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can simply contact your hosting provider and ask them to check server logs to identify hacker but first change your hosting account login credentials as well as FTP account password.
    Regards,
    Linux7802
    cPanel Webhosting Blog
    25% OFF Coupon for Web Hosting Limited Offer
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules