
Webmaster General Forum

    
My Website was just hacked!
what should I do?
janny93




msg:333664
 9:32 pm on Jul 29, 2004 (gmt 0)

My e-commerce website was just hacked. It was hacked a second time. The first time, there was only a change to the index file; now there is a message in the index file and all other files are deleted! How is this possible? How come an unauthorized person has access to my folder and can modify it? Who is responsible for the failure? Me or my webhost who let the hackers in?
What should I do now?

[edited by: oilman at 9:46 pm (utc) on July 29, 2004]
[edit reason] no specifics please [/edit]

 

jo1ene




msg:333665
 9:41 pm on Jul 29, 2004 (gmt 0)

My guess is that it's the host's fault. Unless you were running some script that could be exploited. What to do now? Get another host and start over. As long as your domain name is OK, you can switch everything to a new host in about 24 hours. Sometimes, cheap hosts are no bargain.

bhartzer




msg:333666
 9:43 pm on Jul 29, 2004 (gmt 0)

What should I do now?

Go get another host. Unfortunately, you get what you pay for.

janny93




msg:333667
 9:48 pm on Jul 29, 2004 (gmt 0)

That would be a solution too, but my webhost is not that cheap a host. I pay over 140 USD/year there. Before, I had a "cheap" host and it was terrible.
Should they move my site to another server?

Bradley




msg:333668
 9:53 pm on Jul 29, 2004 (gmt 0)


Less than $12/month for ecommerce hosting = cheap host.

AprilS




msg:333669
 11:51 pm on Jul 29, 2004 (gmt 0)

Well, before looking into switching hosts - look at the code on your site.

Did you write any scripts on the site? If so, you probably overlooked something and left a security hole(s).

You mentioned it is an ecommerce site - are you using an ecommerce solution from another company (Miva Merchant, oscommerce, etc...)? If so, they are not hack-proof either. In fact, because they are so popular/well known - it is easier for security holes to be found in them!

It is possible for someone to write & delete files using port 80 (http). I've seen it and experienced it - and it is usually a security hole due to bad coding.

At $140/mo you probably are not behind a firewall. But even then, sites can still get hacked through common ports like 80, 443, etc.

In a nutshell - moving hosts may not be the issue. You should concentrate on finding out exactly how they did what they did. Look through your logs (web logs, messages logs, etc.). You need to find how they did it so you can fix the cause. If you move hosts and you didn't fix the problem, you may just get hacked again.

m_shroom




msg:333670
 3:29 am on Jul 30, 2004 (gmt 0)

It may not be the host's fault at all; your machine may have spyware on it. Restore your site, then go to another machine and change your password, and don't use the new password on your machine.

janny93




msg:333671
 5:10 am on Jul 31, 2004 (gmt 0)

The problem is hopefully solved now. We have a CC gateway installed and we had to disable some security attributes because it did not work. I uploaded all the files back and I will monitor all files for any changes.
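
The file monitoring mentioned in the post above, as an added example that is not part of the original thread: a Python script that records a SHA-256 baseline of a web root and reports which files were added, removed or modified since. The function names, file names and sample site are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest


def compare(baseline, current):
    """Report paths added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample site, changed the way the thread describes."""
    site = {"index.html": b"<h1>Store</h1>",
            "shop/cart.php": b"<?php /* cart */",
            "shop/pay.php": b"<?php /* payment */"}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "shop"))
        for rel, data in site.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # keep the baseline off the web server
        # Constructed incident: index rewritten, others deleted, one file added.
        with open(os.path.join(root, "index.html"), "wb") as fh:
            fh.write(b"replaced content")
        for rel in ("shop/cart.php", "shop/pay.php"):
            os.remove(os.path.join(root, rel))
        with open(os.path.join(root, "shop/new.php"), "wb") as fh:
            fh.write(b"unexpected")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is taken from a known-good copy of the site and stored somewhere the web server account cannot write to.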

Raymond




msg:333672
 6:57 am on Jul 31, 2004 (gmt 0)

Are you hosted on IIS?

There is a method to take control over the filesystem of the server using the filesystem and ADSI object. The damage can be "somewhat" toned down if very strict permissions are set. You can view and change every single file on all drives that are mounted on the server. This exploit has been around for YEARS, from IIS4 to IIS6. Unfortunately Microsoft hasn't done anything about it yet.

I have been through many, many hosts (shared environment), from cheap ones at $12 bucks/mo to $49/mo; so far I have not seen 1 single host that has this problem resolved. Partially because setting the necessary permissions to stop this exploit will also make many other software unusable (most web control panels). If you are serious in running a business online, get a dedicated and the problem will be solved.


All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
© Webmaster World 1996-2014 all rights reserved