SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    Non-Member
    Join Date
    Sep 2006
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help - Hackers have taken over my site!

    Well, kind of. I was notified by Google that there has been phishing pages uploaded on my website that, of course, I did not initiate. I went through the access logs and saw when and how they were uploaded - through a shell script!

    I was able to trace and delete 3 different shell scripts located at various locations on my site, but as I keep looking, it seems they are everywhere. Is there any way I can do a site-wide malware scan that would pinpoint these buggers so I can get rid of them?

    Thanks,
    Donny

  2. #2
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,524
    Mentioned
    52 Post(s)
    Tagged
    1 Thread(s)
    First, change your passwords.

    Second, contact your hosting provider about the situation.

    Third, make sure all the software is up-to-date. That includes apache, PHP, MySQL, wordpress, forum software, etc
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2006
    Posts
    92
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Changing password wont help if you have a virus ... It usually read ftp accounts from your FTP client...

    1. delete all stored passwords
    2. clean up your computer (or if anyone else had ftp password ask from them to clean their computer too)
    3. change password(s)
    4. see what actually is changed and use backup to restore it...

    Keep in mind that sometimes crackers will upload .htaccess file instead editing your site files and all problematic code will be inside .htaccess.
    www.mangiaphoto.com - daily photo news
    www.serveradminblog.com - Open source tips and tricks

  4. #4
    SitePoint Zealot ChrisWiegman's Avatar
    Join Date
    Sep 2010
    Location
    Austin, Texas, United States
    Posts
    177
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If your site content is static and hasn't been updated from a while restore a backup from before the problem started and change all passwords. If not, you will need to be VERY careful to clean everything up. This can be easier in Wordpress and some other CMS as you may be able to compare your file structure with a clean install and see where the changes have been made.

  5. #5
    SitePoint Member linux7802's Avatar
    Join Date
    Dec 2009
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can simply contact your hosting provider and ask them to check server logs to identify hacker but first change your hosting account login credentials as well as FTP account password.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •