My Website was just hacked!

what should I do?

     
9:32 pm on Jul 29, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 18, 2004
posts:56
votes: 0


My e-commerce website was just hacked. It was hacked a second time. The first time, there was only a change to the index file; now there is a message in the index file and all other files are deleted! How is this possible? How come an unauthorized person has access to my folder and can modify it? Who is responsible for the failure? Me, or my web host who let the hackers in?
What should I do now?

[edited by: oilman at 9:46 pm (utc) on July 29, 2004]
[edit reason] no specifics please [/edit]

9:41 pm on July 29, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:May 20, 2004
posts:469
votes: 0


My guess is that it's the host's fault, unless you were running some script that could be exploited. What to do now? Get another host and start over. As long as your domain name is OK, you can switch everything to a new host in about 24 hours. Sometimes, cheap hosts are no bargain.
9:43 pm on July 29, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 28, 2003
posts:1977
votes: 0


What should I do now?

Go get another host. Unfortunately, you get what you pay for.
9:48 pm on July 29, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 18, 2004
posts:56
votes: 0


It would be a solution too, but my web host is not that cheap a host. I pay over 140 USD/year there. Before, I had a "cheap" host and it was terrible.
Should they move my site to another server?
9:53 pm on July 29, 2004 (gmt 0)

Full Member

10+ Year Member

joined:June 28, 2000
posts:280
votes: 0



Less than $12/month for ecommerce hosting = cheap host.
11:51 pm on July 29, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Aug 29, 2003
posts:236
votes: 0


Well, before looking into switching hosts - look at the code on your site.

Did you write any scripts on the site? If so, you probably overlooked something and left a security hole(s).

You mentioned it is an ecommerce site - are you using an ecommerce solution from another company (Miva Merchant, osCommerce, etc.)? If so, they are not hack-proof either. In fact, because they are so popular/well known - it is easier for security holes to be found in them!

It is possible for someone to write & delete files using port 80 (HTTP). I've seen it and experienced it - and it is usually a security hole due to bad coding.

At $140/mo you probably are not behind a firewall, but even then, sites can still get hacked through common ports like 80, 443, etc.

In a nutshell - moving hosts may not be the issue. You should concentrate on finding out exactly how they did what they did. Look through your logs (web logs, messages logs, etc.) You need to find how they did it so you can fix the cause. If you move hosts and you didn't fix the problem, you may just get hacked again.
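One way to start the log review suggested above, as an added example that is not part of the original post: a Python script that scans a web access log in Combined Log Format for HTTP methods that write or delete files and reports which requests the server accepted. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: host ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# HTTP/WebDAV methods that can create, overwrite, move or delete files.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Constructed sample log (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jul/2004:20:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [29/Jul/2004:20:14:03 +0000] "PUT /index.html HTTP/1.1" 201 0
198.51.100.7 - - [29/Jul/2004:20:14:09 +0000] "DELETE /cart.php HTTP/1.1" 204 0
203.0.113.5 - - [29/Jul/2004:20:30:00 +0000] "PUT /test.txt HTTP/1.1" 405 312
this line is truncated or corrupt
"""

def triage(lines):
    """Return (findings, unparsed_line_numbers) for file-writing requests."""
    findings, unparsed = [], []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(number)  # keep track: gaps in the log matter too
            continue
        if match["method"] in WRITE_METHODS:
            status = int(match["status"])
            findings.append({
                "line": number, "ip": match["ip"], "time": match["time"],
                "method": match["method"], "path": match["path"],
                "status": status,
                "accepted": 200 <= status < 300,  # server carried it out
            })
    return findings, unparsed

def accepted_by_client(findings):
    """Group the paths of accepted write requests by client address."""
    grouped = defaultdict(list)
    for item in findings:
        if item["accepted"]:
            grouped[item["ip"]].append(item["path"])
    return dict(grouped)

if __name__ == "__main__":
    hits, bad = triage(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit)
    print("accepted writes:", accepted_by_client(hits), "unparsed lines:", bad)
```

Accepted write requests point at a server or application that allows uploads over HTTP; rejected ones (4xx) show probing that did not succeed.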

3:29 am on July 30, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 3, 2004
posts:55
votes: 0


It may not be the host's fault at all; your machine may have spyware on it. Restore your site, then go to another machine and change your password, and don't use the new password on your machine.
5:10 am on July 31, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 18, 2004
posts:56
votes: 0


The problem is hopefully solved now. We have a CC gateway installed and we had to disable some security attributes, because it did not work. I uploaded all the files back and I will monitor all files to see if there are any changes.
6:57 am on July 31, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 8, 2003
posts:517
votes: 0


Are you hosted on IIS?

There is a method to take control over the filesystem of the server using the filesystem and ADSI object. The damage can be "somewhat" toned down if very strict permissions are set. You can view and change every single file on all drives that are mounted on the server. This exploit has been around for YEARS, from IIS4 to IIS6. Unfortunately Microsoft hasn't done anything about it yet.

I have been through many, many hosts (shared environment), from cheap ones at $12 bucks/mo to $49/mo, and so far I have not seen 1 single host that has this problem resolved. Partially because setting the necessary permissions to stop this exploit will also make much other software unusable (most web control panels). If you are serious about running a business online, get a dedicated and the problem will be solved.