|Recent PHP Hack|
| 8:02 pm on Mar 28, 2010 (gmt 0)|
I have recently been hacked by a php hack, this was not justified and instead of a small alt or something annoying he DELETED everything on my server account. I am looking for help to secure my site and should he or his friends try this again they receive a returning virus a reverse hack ( is this possible!). I am a small business and for some time now been unable to work through my site.
| 8:42 pm on Mar 28, 2010 (gmt 0)|
A "reverse hack" or virus won't work. There's no feasible way to make anything of that nature function at all.
Your best bet is to change every single password on the account, contact the hosting provider and ask them to completely wipe your account and recreate it, databases and all (if the hacker(s) deleted everything anyway, this can't do you any harm, and it may remove any trojans left by the intrusion), then restore your site from backups. If you don't have recent backups, ask the hosting provider if they have any--but don't rely on them having recent backups, as they aren't obligated to do so.
You should be taking regular backups of your site anyway--if you don't know how, that can be answered by numerous other threads on this site. Regular backups are crucial to preventing information loss.
Also, try to figure out how the hacker attacked your system. Was it through PHP vulnerabilities? Did the attacker compromise your hosting account? Did someone brute-force your FTP login information? Did someone slip a trojan onto your computer that sniffs FTP logins? Depending on the type of intrusion, your response may be to fix your code, change hosting providers, and set up a login lockout on your FTP accounts (or switch to SFTP).
Another thing to check is your password strength. Good passwords should prevent many hacks. In general, wherever possible I actually use a passphrase--an entire sentence, rather than a single word. My average passphrase length is about 40 characters, contains non-dictionary words, numbers, upper/lowercase letters, and symbols. It takes a few seconds longer to type each time you need to enter it, but a good password manager can save you even this minor hassle--and anyone attempting to brute-force your password will have to spend several years doing so. :)
| 8:53 pm on Mar 28, 2010 (gmt 0)|
|should he or his friends try this again they receive a returning virus a reverse hack |
| 12:57 pm on Mar 30, 2010 (gmt 0)|
Welcome to WebmasterWorld SparkedOut,
you should keep all software up to date so as to plug any known vulnerabilities. If software you use is very out of date then maybe upgrading to an active software may help.
forms are also a common point of entry but just keeping an active software up to date would help there.
Any unused accounts (ftp/shell/other) that might be hanging around should be removed.
file permissions as 777 or world writable should be stopped as another common hole.
though it is infuriating, I've been dealing with it in one form or another for 10 years, it is normal and a common;y overlooked fact of ding business on the web. Even if it was possible to reverse hack them, that would be illegal and is not advisable.
| 7:01 am on Mar 31, 2010 (gmt 0)|
If you are running on a shared server, are you sure the problem didn`t arise from someone else`s site? For max security you should get a dedicated box and tighten it up as much as possible.