
My Sites Were Hacked. What To Do?

@Frith620

Posted in: #Hacking #WebHosting

I host multiple domains with this very popular hosting provider and I just went into one of my sites and... I see a black page with the message "Hacked by...". I checked and all my sites with the provider are showing this same page.

Inside the file system I have seen that the hacker placed all default.* and index.* files with this message. So the hacker overwrote all index pages and placed new pages, and that is under every, I say again, every folder. Cleaning this up will be close to a most horrible job.

What to do (right now I am awaiting the restore of files from hosting provider)? How to prevent this? Whom to blame?


3 Comments


@Murphy175

To answer your question about "how somebody can write new files into my hosts", there are three ways I've seen this happen.

First, FTP account hijacking. The worst case I had to deal with on my sites is when a hacker gained access to either a root level or high level account that allowed them to overwrite the index pages of all of the sites on that shared host server. Brute force attacks, botnets and other such techniques are how they pull this off. Once they're in they can do whatever they want.

The second, which is also FTP related, is leaving a public anonymous FTP area open with full privileges. This allows the hacker to upload a script and execute it. The script could then copy files or perform other kinds of mischief. Typically they'll delete the files after the run so you won't see the evidence. Some hosts are bad about not locking down anonymous FTP access so always check for yourself.

The last I've had to deal with is SQL injection on WordPress sites. In this case, the hacker uses injection to gain access to the WordPress admin panel and then replaces the active theme with their hacked version. There are various things you can do to lock down WordPress installs better than they are by default. Look around and find one that fits well with your needs.


@Eichhorn148

John Conde's answer is an excellent one and should be accepted as the correct one, but I wanted to address something you mentioned in your post that maybe deserves more than a comment.

To ease the cleaning up you can run commands in Linux that will delete just certain filenames and types. (You can run rm with parameters, for example.)

I don't want to post a code snippet here because each server is set up slightly differently and I don't want to bugger up your sites even more, but your hosts should be able to do this very quickly.

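A read-only way to scope the cleanup described in the question and in the answer above, as an added example that is not part of the thread: it lists the overwritten index.*/default.* pages by their marker text, lists anything else modified recently, and moves matches to a quarantine directory instead of deleting them. The marker string, the 60-minute window, the function names and the demo tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Paths, marker text and the demo tree are
# constructed; run it against a copy of the web root first.

# List index.*/default.* files under $1 that contain marker $2. Deletes nothing.
find_defaced() {
    find "$1" -type f \( -iname 'index.*' -o -iname 'default.*' \) \
        -exec grep -lFi -- "$2" {} + 2>/dev/null | sort
}

# List every file under $1 modified in the last $2 minutes, whatever its name,
# to surface anything else written to disk around the defacement.
find_recent() {
    find "$1" -type f -mmin "-$2" | sort
}

# Move the paths read from stdin out of docroot $1 into $2, keeping relative
# paths, so the originals stay available as evidence instead of being removed.
quarantine() {
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rel=${f#"$1"/}
        mkdir -p "$2/$(dirname "$rel")"
        mv -- "$f" "$2/$rel"
    done
}

# Constructed sample tree: two defaced pages, one unrelated recent file,
# and two untouched files with an old modification time.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/site1/blog" "$demo/site2"
    echo '<h1>Hacked by EXAMPLE</h1>' > "$demo/site1/index.html"
    echo '<h1>hacked by example</h1>' > "$demo/site1/blog/default.php"
    echo 'placeholder'                > "$demo/site1/blog/new-file.php"
    echo '<h1>Welcome</h1>'           > "$demo/site2/index.html"
    echo 'notes'                      > "$demo/site2/readme.txt"
    touch -t 202001010000 "$demo/site2/index.html" "$demo/site2/readme.txt"
    echo "$demo"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    find_defaced "$tree" 'hacked by'
    find_recent "$tree" 60
fi
```

The recent-files listing is the one to compare against the restored backup, since a file with an ordinary name and no marker text does not show up in the first listing.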


 

@Kevin317

What to do (right now I am awaiting the restore of files from hosting provider)?



Fix the holes that caused you to get hacked in the first place. If it was a result of the web host's neglect then find a new host.
Keep backups of your site so you don't depend on your host for this.



How to prevent this?



If you write your own code, you need to write it securely and keep up on the latest web security news.
If you use third party software, you need to keep up with their releases, especially if they include security fixes.
Make sure your host keeps up with the server's software patches.



Whom to blame?



If it was your code that was exploited, blame yourself.
If it was the hosting company's server that was hacked, blame them.
If it was a third party's software that was exploited, blame yourself (it's up to you to keep it updated).
