I was hacked, what is the proper sequence of events

Forum Moderators: mack

Message Too Old, No Replies

I was hacked, what is the proper sequence of events

what should I do first

The_Hat

2:39 pm on Jun 13, 2008 (gmt 0)

So.. I have had the good luck of never having encountered this before now.. but now that I have I am completly unprepared for what needs to be done. (which is why I put this topic in the new to dev area).

I want to make it as hard as possible on the perps but don't know where to start. I am sure a call to my local police department wouldn't be quite right... also I am sure a phone call to a fbi office wouldn't be quite right either.. so who do I call? Should I notify my hoster (TCH) and let them take it from here?

I have so far pulled down an archive of the site, and upon extracting it locally found out that there is a system.php infected with PHP.RSTBackdoor so we may be looking at more than just the domain it was centered in..

Any help? Thanks.

The_Hat

10:38 pm on Jun 14, 2008 (gmt 0)

Really? No one can offer me any advice.

himalayaswater

5:08 pm on Jun 15, 2008 (gmt 0)

It depends. If hacker took CC numbers and other private data, you need to talk to cyber police (a special police division created to look into this kind of crimes). In most cases you upload frash last good known backup copy of your site. Change all ftp / sftp /ssh password and send information to your host.

HTH