Forum Moderators: phranque

My Site Has Been Hacked

Homepage Replaced at Root !

         

phantombookman

4:56 pm on Jan 15, 2006 (gmt 0)

10+ Year Member



Hi
just happened to look at one of my sites and saw a completely different index page.
Connected to the site to see new index.html page in place plus a default.asp page claiming responsibility for the hack and even having their website address on it!

I have of course deleted these pages, and all appears at first glance to be back to normal. I have requested a password change with my hosting company.

Does anyone have any thoughts or advice on how this happened or anything I should do?

phparion

5:41 pm on Jan 15, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



if they showed their website address then you can track them and can take legal action against them. You also have the right to complain to their HOST with proof of the incident and block their website. Next time don't share your password with unreliable people and keep an ugly password like

W38M@$t3R (webmaster :))

encyclo

6:07 pm on Jan 15, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Back up, back out and get a new host, or at least get the site on a different server. The hosting company should give an explanation of what happened: known exploits, for example the almost ubiquitous cPanel vulnerability, are the most likely cause rather than a lost password (although using a difficult one will limit the effectiveness of a dictionary attack).

phantombookman

6:42 pm on Jan 15, 2006 (gmt 0)

10+ Year Member



My hosting company is looking into it and I am waiting for their input.

I am on a windows based host, they are currently migrating to new servers, I wondered whether this could have anything to do with it?

The passwords have never been shared, nobody but myself and my host should know them, they are also alpha numeric

The attack was clearly not malicious as the home page they put up was for an international health organisation

They left an email address on the other page which I have been following in Google, seems I am not the only one

One concern is that although my original index page was cached by Google, it has just been crawled with the hijacked page in place!

phparion

7:07 pm on Jan 15, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Then it must be from your HOST side. Ask them for an explanation. If you have secure stuff on your website then start thinking of changing the HOST asap. Their cPanel for users is not secure; that could be one way that someone hacked you from it.

rocknbil

7:31 pm on Jan 15, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not to defend sloppy administration (there surely is a LOT of it out there,) but even on a tightly run ship very often a hack is a result of poor management on a USER level. I worked at one ISP where almost half of the FTP users had left their pass at the default pass from signup until we pulled their plugs until they changed it. Support phones were ringing off the hook that day . . . .

2by4

7:33 pm on Jan 15, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



<< The hosting company should give an explanation of what happened: >>

<< I am on a windows based host... >>

that about covers it, low end windows hosting and security, forget about it.

sharbel

4:13 am on Jan 16, 2006 (gmt 0)

10+ Year Member



Right, because this sort of stuff *never* happens on Linux boxes right? :)... sure..

2by4

6:33 am on Jan 16, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



sharbel, yeah it happens, it just happens a lot more on windows, as you know perfectly well if you know this stuff at all. As has been said elsewhere, nix systems are houses with some doors, windows boxes are houses with a thousand windows and doors.

phantombookman

8:38 am on Jan 16, 2006 (gmt 0)

10+ Year Member



Thanks for the replies guys
Still no answers from my host

re the windows server
I originally got my hosting etc set up by someone else, I am completely self taught at this.
The websites are a means to an end for my businesses

A while ago the limitations started to become clear, not htaccess etc, but the sites are superbly ranked in Google and never affected by updates etc. I simply dare not rock the boat by changing hosts.

This guy is all over the net attacking sites almost randomly. I did look at the affected sites' hosts to see if it was a common thread but they are not the same nor indeed all windows based.

2by4

6:13 pm on Jan 16, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



serial defacers, which is what you are looking at, tend to automate their systems because it's so easy. As noted, linux is not immune to this. If it's a software based attack, say a security hole in forum or blog software, it doesn't matter very much what platform it runs on, it's attacking the vulnerability of the software, not the operating system.

Most defacers tend to collect raw numbers of defacements, keeping in mind that you get more gold stars in the website defacement scene for cracking linux than windows, and more for bsd type systems than linux. That reflects the relative difficulty of cracking each system. Windows is the easiest to crack.

Moving hosters, as long as your urls don't change, will have no impact on your rankings as long as you don't move the hoster out of the country. Google etc look at your domain name, not the IP it's hosted on. With one notable exception: if you host on a cheap hoster, that hosts scummy websites, and uses shared IP, name based hosting - in other words, most low end cheap hosters - google may decide that you are on a bad neighborhood network based on the IP.

This is only a problem with junk hosters as far as I know.

If you are using standard .html or .htm extensions, it doesn't matter what type of hoster hosts your site. And even with .asp or .aspx a simple rewrite can 301 the asp to htm, for example. Good luck.

Failure of your host to get back in touch with you is a failure of the host completely, there is no reason to keep paying them for services they are not providing.

sharbel

1:36 am on Jan 17, 2006 (gmt 0)

10+ Year Member



2by4: A bad admin is a bad admin, regardless of what OS they are trying to admin. Sorry, but I have seen my share of Nix boxes screwed around with (although I tend to agree with you that a lot of times it's more so the apps they are running than the OS itself). Of course there are vulnerabilities with all OS's, Windows included, but honestly Windows 2003 server is pretty dang solid.. and it comes relatively locked down compared to the older Windows server releases.

Don't get me wrong, I am not a Windows zealot at all. I have servers running both OS's.. I just find that there is this misconception out there that if you run a linux box you are somehow running a secure box by default, compared to Windows, which is complete rubbish. Again, if you are a bad admin, you are going to screw something up no matter what OS you are running, leaving you with an insecure box.

Knock on wood, the only problem I have had with either my linux boxes or my Windows boxes was an idiot who gave out a password.. don't get me started on that..

Again, let me stress my agreement with 2by4 that a lot of times it's an insecure/vulnerable script/application that causes a lot of the problems.

2by4

1:48 am on Jan 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



sharbel, just to add one other thing I've noticed, while agreeing with your main points: the very worst admins I've ever seen are windows admins. Doesn't mean they have to be, but it's just a tendency. Something about point and click cookie cutter stuff versus the unix style seems to attract very low skilled people.

I saw the same thing in networking classes. Lowest skill levels in windows classes, highest skill in linux classes.

The conversations I've had with windows admins are simply mind boggling, I've never seen such lack of understanding or knowledge about security. It's that click the checkbox etc, the default install putting everyone with full admin rights [have they fixed that yet], and so on. Server 2003 fixed some of these defaults, IIS in its latest release fixed others, but overall, I'll take linux + apache any time if forced to choose.

Windows out of the box is radically less secure than linux out of the box, as a rule. Server 2003 improved this somewhat, but it's still not great.

I'd say that box for box, it takes much more skill to secure a windows box to a certain level than it does to secure a linux box to that level. And since Windows admins tend to have less skill than linux admins, although I've seen plenty of bad linux admins too, if you're going to put a site on a box run by a low skilled admin, I'd pick linux.

And for high end security, I doubt it's even possible to secure a windows box to the level that you can secure a *nix box, that's my guess anyway.

Personally, I wouldn't pick linux run by low skilled admins over Windows, I'd just pick freeBSD run by skilled techs.

phantombookman

9:08 am on Jan 17, 2006 (gmt 0)

10+ Year Member



Hi Guys
just an update and to clear a few things up. In fairness to the hosting company, they have won numerous awards and appear to be high profile in their windows genre.

They did reply to my support request initially and have now finally got back to me with what happened, well..
It was not a password related problem but for security reasons they cannot say exactly what it was!

Ironically the site is being migrated to the latest windows server any day now, this is a little more secure, I hope.

Having followed this guy around the net he appears to have accessed sites irrespective of format or host.

In some ways I actually feel grateful to him, he could have ruined my site but did not, he did make me realise that my sites are vulnerable and to ensure I check them all regularly and keep backed up properly.

sharbel

12:25 am on Jan 18, 2006 (gmt 0)

10+ Year Member



2by4: I honestly cannot argue with you on the fact that there are a lot of people fooling around with Windows boxes that have no clue what they are doing, compared to linux boxes. Like you said, the point/click familiar (to their desktop) environment will be an easier transition than a command a 'foreign' OS.

Windows 2003 has addressed a lot of the issues of the older server platforms I find. As I said I run both Windows 2003 (5 boxes) and a few linux boxes.. I can't say I have had issues with either platform. I will admit I lean to 2003 more only because I am an ASP.NET(C#) developer... Once MONO is stable in C# 2.0, I will start using *nix boxes a lot more I bet.

[edited by: jatar_k at 12:29 am (utc) on Jan. 18, 2006]
[edit reason] weird filter problem [/edit]