|site hacked and unable to use ftp properly|
any help greatly appreciated
| 1:16 am on Mar 24, 2011 (gmt 0)|
my site recently got hacked and my provider told me that my index.html file is corrupted. The message that was shown when loading the site was: "Hacked by Kryptex".
The site in question was www.boldheadstudio.com.
Now I tried to back everything up locally to save the main bulk of data and start a clean wordpress system again, but there seems to be something messed up with user rights, I canīt move/edity/access or delete certain files which makes that endeavour impossible.
I tried uploading a new index file that redirects to another site for the time being, but that doesnīt work as well? I donīt know why honestly...
So the big question is, what is the provider (host1plus.com) doing now? Do I have the right to demand a back-up of the site from the provider, which they have?
I am completely out of my depth here, so any help is much much appreciated.
| 1:31 am on Mar 24, 2011 (gmt 0)|
As of right this moment as I post your site gives a 404,
you sure the host hasn't just removed your site folder/directory ?
|Do I have the right to demand a back-up of the site from the provider, |
Depends if your contract says they do "back ups" included in the hosting package ( rare if you are on shared hosting )..if not ..upto you to upload your backups.
The fact of the 404 says to me its more likely that they have just pulled the entire site folder/directory ( else I would expect at least a folder/directory structure tree showing images , html, cgi etc ) ..would also explain why you can't upload ..you can't upload to what isn't there.
| 1:46 am on Mar 24, 2011 (gmt 0)|
Thanks, Leosghost, for the quick reply :)
The provider does do back-ups, at least they told me so. I donīt have any local back-ups for myself in fact, which is unfortunate of course.
Iīm not sure I understand you correctly when you say they removed the entire site. I see all files when I login to my ftp. But I donīt know if there was something changed after the hack.
In one mail the provider said that my domainīs folderīs owner was set to "root" and they changed it back to my username. Could that be a symptom of what you are hinting at? Sorry I might be confused here ;)
Thanks for your help so far.
| 2:12 am on Mar 24, 2011 (gmt 0)|
From outside putting your site into the address bar direct as a copy /paste gives a 404 ( not found ) ..the server is telling "nothing here"
from your server
The requested URL / was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
then follows the apache type etc..
you may be seeing different because you may have the index page in your browser cache..clear your cache and you'll see the above ..as will anyone trying to access your site ..
I can see what it should have looked like via google cache ( minus the images ..Google cache calls the images direct from a sites server ..and your site is gone so the "calls" don't bring back images ) you need to talk to your hoster , they need to put your site folder back ..then you can upload to it ..and also try to work out how you were hacked ..wordpress is vulnerable unless it is really kept upto date ..and even then
| 2:43 am on Mar 24, 2011 (gmt 0)|
Also read rocknbil here [webmasterworld.com] the same proceedure applies after any hack ..ecommerce site, blog ..whatever.
| 2:05 pm on Mar 24, 2011 (gmt 0)|
Our site got hacked also after 3.5 years.
1.8 million Hits and 3.5 years of Data useless.
We started all over ...
I found that I did not Protect it enough and some one was putting files ( php files ) and having them execute , Fishing for Bank info and credit card info , My provider almost took us off line ...
I had to byte the bullet and start all over ...
There was just to much data to go through to find all he messed with ...
I can say Make sure, Well we were using PHP PLATINUM but now we use Raven Nuke and all is ok so far ... But make sure to Set AUTH area of the ADMIN settings.
So now if I go there it ask's me for user name and password ...
HTTPAuth Menu or CGIAuth
which will write .htacess files for you, Look into that .htaccess and the .staccess files
| 6:24 pm on Mar 24, 2011 (gmt 0)|
thanks to all who took their time and looked into this,
Amazingly itīs all back and running without any loss, at last the provider took care of it. After weeks of writing emails that is :/
Neo, thanks for the tip on security, I will definitely get into this and stack up the security. That must have been quite a loss, I feel for you.
Thanks Leosghost, Iīll have a careful look.
| 7:23 pm on Mar 24, 2011 (gmt 0)|
Btw boldhead ..nice work at your place..
| 7:51 pm on Mar 24, 2011 (gmt 0)|
Thank you, very kind :)