Hacked!

My site was taken over! What to check for now?

         

TheGuyAboveYou

3:08 pm on Oct 22, 2004 (gmt 0)


My site was taken over and was listed on the front page of Google. In the last week it has fallen off the front page. They replaced my index page and I went and changed it back and changed the password.

My question is what other motive would they have? Could there be any programs to check for on my server?
I am not sure. How could I verify that they did not put anything destructive on my server too?

Thanks

ddent

8:51 pm on Oct 25, 2004 (gmt 0)


I'm a little bit unclear: They cracked your account, and caused your page to be displayed on the front page of Google? Nice!

But yes, there are lots of things to check for. Chances are relatively high that they've put in some kind of a backdoor, or that whatever vulnerability they used to crack into your account is still present (unless they just guessed your password/phished it/etc).

The amount of work ahead of you depends a lot on what they had to crack to get into your site. Was it just a user account on the system, or did they get root?

If they got root, you are pretty much stuck re-installing your entire system from scratch.

If it is just a user account, you are going to want to audit EVERY SINGLE FILE owned by the user. Pay special attention to files which have the executable bit set. Check crontabs. Don't forget about dotfiles. Check CGIs. Check that the contents of files are what you think they are. Check what processes are running...
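The user-account checklist in the reply above, as an added shell example that is not part of the original thread. The function names, their arguments and the existence of a known-good copy of the site (a backup or fresh checkout) are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit helpers for one compromised user account.
# Function names and arguments are assumptions, not from the thread.

# Files owned by the user that have any executable bit set.
list_executables() {   # $1 = directory, $2 = user name or numeric uid
    find "$1" -xdev -type f -user "$2" \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null | LC_ALL=C sort
}

# Dotfiles and dot-directories, which a plain "ls" does not show.
list_dotfiles() {      # $1 = directory, $2 = user name or numeric uid
    find "$1" -xdev -user "$2" -name '.*' -print 2>/dev/null | LC_ALL=C sort
}

# Compare file contents with a known-good copy (backup or fresh checkout).
# Prints "NEW <path>" for files missing from the copy, "CHANGED <path>" for
# files whose bytes differ.
changed_vs_backup() {  # $1 = live directory, $2 = known-good directory
    ( cd "$1" && find . -type f -print ) | LC_ALL=C sort | while IFS= read -r f; do
        if [ ! -e "$2/$f" ]; then
            echo "NEW $f"
        elif ! cmp -s "$1/$f" "$2/$f"; then
            echo "CHANGED $f"
        fi
    done
}

# Full pass: files, scheduled jobs, running processes.
audit_account() {      # $1 = directory, $2 = user, $3 = known-good directory
    echo "== executable files ==";  list_executables "$1" "$2"
    echo "== dotfiles ==";          list_dotfiles "$1" "$2"
    echo "== new or changed vs known-good copy =="; changed_vs_backup "$1" "$3"
    echo "== crontab =="   # reading another user's crontab needs root
    crontab -u "$2" -l 2>/dev/null || echo "(none, or not permitted)"
    echo "== processes =="
    ps -u "$2" -o pid,args 2>/dev/null || echo "(ps failed)"
}

# Run the full pass when called with: <directory> <user> <known-good directory>
if [ "$#" -eq 3 ]; then audit_account "$@"; fi
```

The content comparison uses `cmp` rather than timestamps because modification times can be reset by whoever changed the file.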