Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Recent PHP Hack

Need help

8:02 pm on Mar 28, 2010 (gmt 0)

New User

5+ Year Member

joined:Mar 28, 2010
votes: 0

I have recently been hacked by a php hack, this was not justified and instead of a small alt or something annoying he DELETED everything on my server account. I am looking for help to secure my site and should he or his friends try this again they receive a returning virus a reverse hack ( is this possible!). I am a small business and for some time now been unable to work through my site.
Please help.
8:42 pm on Mar 28, 2010 (gmt 0)

Full Member

10+ Year Member

joined:July 13, 2007
votes: 0

A "reverse hack" or virus won't work. There's no feasible way to make anything of that nature function at all.

Your best bet is to change every single password on the account, contact the hosting provider and ask them to completely wipe your account and recreate it, databases and all (if the hacker(s) deleted everything anyway, this can't do you any harm, and it may remove any trojans left by the intrusion), then restore your site from backups. If you don't have recent backups, ask the hosting provider if they have any--but don't rely on them having recent backups, as they aren't obligated to do so.

You should be taking regular backups of your site anyway--if you don't know how, that can be answered by numerous other threads on this site. Regular backups are crucial to preventing information loss.

Also, try to figure out how the hacker attacked your system. Was it through PHP vulnerabilities? Did the attacker compromise your hosting account? Did someone brute-force your FTP login information? Did someone slip a trojan onto your computer that sniffs FTP logins? Depending on the type of intrusion, your response may be to fix your code, change hosting providers, and set up a login lockout on your FTP accounts (or switch to SFTP).

Another thing to check is your password strength. Good passwords should prevent many hacks. In general, wherever possible I actually use a passphrase--an entire sentence, rather than a single word. My average passphrase length is about 40 characters, contains non-dictionary words, numbers, upper/lowercase letters, and symbols. It takes a few seconds longer to type each time you need to enter it, but a good password manager can save you even this minor hassle--and anyone attempting to brute-force your password will have to spend several years doing so. :)
8:53 pm on Mar 28, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
votes: 0

should he or his friends try this again they receive a returning virus a reverse hack

12:57 pm on Mar 30, 2010 (gmt 0)


WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
votes: 0

Welcome to WebmasterWorld SparkedOut,

you should keep all software up to date so as to plug any known vulnerabilities. If software you use is very out of date then maybe upgrading to an active software may help.

forms are also a common point of entry but just keeping an active software up to date would help there.

Any unused accounts (ftp/shell/other) that might be hanging around should be removed.

file permissions as 777 or world writable should be stopped as another common hole.

though it is infuriating, I've been dealing with it in one form or another for 10 years, it is normal and a common;y overlooked fact of ding business on the web. Even if it was possible to reverse hack them, that would be illegal and is not advisable.
7:01 am on Mar 31, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member dreamcatcher is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 30, 2003
votes: 0

If you are running on a shared server, are you sure the problem didn`t arise from someone else`s site? For max security you should get a dedicated box and tighten it up as much as possible.