02-23-2009, 11:35 PM
Yeah, so my forum was hacked today. They took the home page and put up this "you've been rickrolled" video. Then they made one of those annoying boxes where you have to keep clicking 100's of times.
In the meantime he also disabled the forums too. I'm wondering, if he didn't have access to my hosting, how did this happen? How can he do this? What steps can I take to prevent this sort of thing from happening again? I know we have some hackers here. No doubt about that. If you don't want to post the information about how to protect my site on here, you can PM it to me.
Also, what can I do to get the hacker in trouble? I'm not so sure this hacker was professional as the kid admits to it. He's like 15 or 16 years old and I'm not too sure he did a clean job and may have left a trace. First step would probably be to contact my hosting company?
I know we have some hackers here. No doubt about that.
Also, what can I do to get the hacker in trouble?
I am not sure that that would entice some hackers to help you :D
First step would probably be to contact my hosting company?
If you really want to pursue it, then yes. However, I would be more inclined to find out where they got in and to 'close the door'. Maybe look up the website for the forum software and see if there is a known bug or vulnerability so you can get it fixed.
Sadly, such antics are part of the interweb.
02-24-2009, 12:53 AM
There are several ways they could have gotten in. Usually either you had unsecure or insecure FTP accounts that let them in, or they gained access to your server using a known security vulnerability in one of the services and then trashed your website and probably others that are hosted on the same server.
I would report it to your host immediately so they can examine their logs and investigate the source of the breach. If they seem uninterested in actually fixing the problem, switch hosts because it will only happen again.
02-24-2009, 02:17 AM
It only affected this one site of mine. The other sites I had hosted on here remained unharmed. That's why I was wondering if they had some sort of way into my hosting without knowing my login information.
Oracle, I'm using AnHosting(.com) which uses a cPanel. Would the unsecure FTP be something common for a cPanel? cPanel seems to be the trend for hosting so I'd think that would be secure.
Also let me reiterate that the forums were simply turned off. The page was blank. It was the home page that was HTML, CSS, and two simple PHP scripts for a URL masker, and a newsletter signup.
www.immforums.com is the home page I am referring to. It was restored, but I've been receiving threats about the site being taken down again...
As somewhat of a novice in this issue, I would start with the easy things while you await something from your ISP.
Make sure you are virus-free, malware-free, etc., and then change all your passwords. Then, I guess, if your data was harvested by a keylogger script, you will have made redundant the info they need to get back in again.
02-24-2009, 08:35 AM
As a preventative measure make sure that files or folders are writable that shouldn't be, like by your scripts. Make sure your forum software is up to date; they might have used a bug in there to gain access.
Also change all your passwords for the FTP accounts and forum administrator account on there as a preventative measure as well.
02-25-2009, 10:32 AM
First check your server log :)
See which file or directory he has been to.
One of the common attacks, and a really bad one, is the shell (Remote File Inclusion) attack: the hacker would upload or remotely include the malicious code...
The most common one is the C99 shell script...
Basically the hacker could see everything, even your source code...
A screenshot of what the c99 looks like:
Some of the web hosts have antivirus installed on them (to prevent such attacks), but most of them do not. :(
Do PM me your website, so I can have a look. :)
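
The log check suggested in the last post can be scripted. The following is an added example, not code from anyone in this thread: it scans access log lines for query parameters whose value is a remote URL, which is the request pattern Remote File Inclusion leaves behind. The combined log format, the script names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache "combined" access log format (assumed; adjust to your host's format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# A parameter value that is itself a remote URL is the thing to look for.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)

def find_rfi_attempts(lines):
    """Return {client_ip: [(timestamp, script_path, param, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        parts = urlsplit(m["target"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            if REMOTE_RE.match(unquote(value)):
                hits[m["ip"]].append(
                    (m["ts"], parts.path, name, int(m["status"])))
    return dict(hits)

def served_scripts(hits):
    """Scripts that answered 200 to such a request: review these first."""
    return {path for rows in hits.values()
            for _, path, _, status in rows if status == 200}

# Constructed sample lines (documentation IPs, hypothetical script names).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Feb/2009:21:02:11 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Feb/2009:21:14:40 -0600] "GET /index.php?page=http://example.invalid/s.txt? HTTP/1.1" 200 18234 "-" "libwww-perl/5.8"',
    '198.51.100.7 - - [23/Feb/2009:21:15:02 -0600] "GET /forum/view.php?inc=http%253A%252F%252Fexample.invalid%252Fs.txt HTTP/1.1" 404 312 "-" "-"',
    '192.0.2.10 - - [23/Feb/2009:21:16:30 -0600] "GET /go.php?to=/forums/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = find_rfi_attempts(SAMPLE_LOG)
    for ip, rows in found.items():
        for ts, path, param, status in rows:
            print(f"{ip} [{ts}] {path} param={param} status={status}")
    print("answered 200:", sorted(served_scripts(found)))
```

A hit is a lead rather than proof: a URL masker or redirect script takes URLs as parameters legitimately, so check whether the flagged script actually passes that parameter to an include.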