#1
Member (9 bit)
Join Date: Nov 2002
Location: London, UK
Posts: 288
someone has hi-jacked my site!
I have registered abcd-ebooks.com and put up a very basic title bar at the url until the site was finished and ready to go live.
I have come away for the Easter weekend and was surfing a little on my father's computer and thought I'd just go to that site and this is what I found: link removed

Which is nothing to do with me. Fortunately the actual site wasn't live and not linked or anything so it is a 'hollow' victory for whoever has done this.

I don't have any of my login details or such like with me so whoever this guy is he/she can enjoy their victory for a few days till I get home again next week but I cannot figure out how they managed to do this. I must have logged into that account once! And it doesn't appear on any search engines and nor is it linked to any sites so how this guy even found it is a mystery to me. And I haven't even told anyone about the site so it isn't some friend having a laugh at my expense.

If anyone has a similar experience or any advice about how I should proceed - and how I defend against such silliness - I would be grateful for your words.

Thanks for reading,
Best regards,
Phil

Last edited by Statica; 04-14-2006 at 12:45 PM.
#2
Premium Member
Join Date: Jun 1999
Posts: 9,231
Personally, I wouldn't be advertising your hacked site like this nor would I be waiting this long to remove the hack notice, it just encourages people to retry on your site (and also puts in a whole lot of more log entries, when I would be running to get the full logs to see where the attack came from, and how it came).

a) Check your logs immediately, try to find out what backdoor they used.

b) If it was through the site, using some script vulnerability, then you need to patch it. Stuff like phpBB etc have well documented and well popularized vulnerabilities so you need to know if it was something similar that was exploited.

c) From what it sounds like though, it seems to be that you were backdoored, which means that it could either be a password compromise or a compromise of your webhost. I would be pretty ticked off if my host was running unpatched stuff and would leave... either way you need to know, and your best bet is to look at the logs.

d) Keep in mind also that over 99% of these attacks are by script kiddies, who don't really know how to hack, but get some readymade script and run it through .. once you get documented as a victory, you will see repeated attacks.

e) Also keep in mind that in some cases, the front page that you see might just be the vanity label, there might be other scripts and bots running through your server hammering other sites or behaving as IRC scripts etc .. you need to find that asap.

f) Evaluate running services and turn off what you don't need. Most people don't need SSH, or anon ftp or a host of other "features" that hosts provide, but still have them used.

Addendum: Oh by the way, is this your own server? If so you need to go to Security 101 and see what's vulnerable for you.
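A first pass over the access logs that points a) and e) of the reply above call for, as an added example that is not part of the original thread: it lists every path that was changed over HTTP or that served a script from a folder meant for static files, with the first time it was seen and the clients involved. The Apache combined log format, the static folder names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Apache/NCSA "combined" access-log line (assumed format)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
STATIC_DIRS = ("/images/", "/css/", "/uploads/")  # assumed static-only folders
SCRIPT_EXT = (".php", ".cgi", ".pl")

# Constructed sample lines: documentation IP ranges, made-up paths.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Apr/2006:09:12:01 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [13/Apr/2006:22:41:02 +0100] "PUT /index.html HTTP/1.0" 201 0 "-" "-"
198.51.100.23 - - [14/Apr/2006:03:05:44 +0100] "POST /images/up.php HTTP/1.1" 200 18 "-" "-"
203.0.113.7 - - [14/Apr/2006:03:09:10 +0100] "GET /images/up.php?c=1 HTTP/1.0" 200 40 "-" "-"
198.51.100.23 - - [14/Apr/2006:03:10:50 +0100] "PUT /index.html HTTP/1.1" 403 210 "-" "-"
not a log line
"""

def triage(log_text):
    """Map each suspicious path to its first sighting, clients and reasons."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not m["status"].startswith("2"):
            continue  # skip malformed lines and requests the server refused
        path = unquote(m["url"]).partition("?")[0]
        reasons = set()
        if m["method"] in ("PUT", "DELETE"):
            reasons.add("content changed over HTTP")
        if path.startswith(STATIC_DIRS) and path.endswith(SCRIPT_EXT):
            reasons.add("script served from static directory")
        if not reasons:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hit = findings.setdefault(
            path, {"first_seen": when, "clients": set(), "reasons": set()})
        hit["first_seen"] = min(hit["first_seen"], when)
        hit["clients"].add(m["ip"])
        hit["reasons"] |= reasons
    return findings

if __name__ == "__main__":
    for path, hit in sorted(triage(SAMPLE_LOG).items()):
        print(path, hit["first_seen"].isoformat(),
              sorted(hit["clients"]), sorted(hit["reasons"]))
```

The earliest flagged entry gives a starting point for reading the surrounding log lines and the FTP or control-panel logs for the same period.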
#3
Member (9 bit)
Join Date: Nov 2002
Location: London, UK
Posts: 288
Thanks for your informative reply, Statica. That is very helpful.
The server is not mine, the site is hosted at host4u and the domain name is at 1and1 - someone else has told me now that 1and1 aren't such a good idea but previously I had heard that they were good. So I'm not sure what to make of that.

Unfortunately, because I am away from home and I have none of my login details with me (and I don't remember that sort of thing) there is nothing I can do about it till next week - but thank you for your advice nonetheless.
#4
Premium Member
Join Date: Jun 1999
Posts: 9,231
I don't know about 1&1's registration service, but given my experience with them at hosting, I will not do any business w/them.

I've removed your link from the original post, firstly because I don't think that it increases the relevance of the issue and mostly because you'd be better served not having a bunch of mechers leaving footprints in your logs.

Hopefully yours is a full service host, and you've done your homework with selecting host4u and they will be able to assist you. A hack on a hosted account is as much a headache for them as it is for you.

The good news is that you should get some pretty good ideas about some intangibles pretty early in your website's life. Now you should be able to gauge how responsive the hosts are to you, what the sophistication of the control panel is in getting your logs the way you want it, what the level of customization is for your account (can you turn off ssh or anything else), how proactive the hosts are in securing their own servers etc etc. These are fairly important criteria that should be thought of when selecting a host .. especially for serious websites that are intentioned for growth. Most people unfortunately will get taken in by the GBs and the POP3s.

Good luck
#5
Member (9 bit)
Since I'm a webhost, when you get home, I will gladly give you some help with doing some research or whatever you need to repair your site to fix things. Feel free to PM me.
__________________
97 point Nerd God! Haha 2 points higher now. I increase! Yeah, I know you wanna be like me. The DJ will spin your disks.