News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Site has been hacked

Started by Uncle Don, April 20, 2012, 08:26:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Uncle Don

April 20, 2012, 08:26:24 PM
Somebody hacked my site which is now down.  I am left with a picture of a bloody tongue with a needle thru it and a soundtrack that is noisy and disturbing.  Can somebody please help?  lewportalumni.com
In times like these it is wise to remember that there has always been times like these. - Paul Harvey

TheListener

#1
April 20, 2012, 08:30:49 PM
Not a nice image either.

Uncle Don have you spoken to your hosts?

Uncle Don

#2
April 20, 2012, 08:42:39 PM
No I have not.  Do you think they can restore to an earlier copy?
In times like these it is wise to remember that there has always been times like these. - Paul Harvey

TheListener

#3
April 20, 2012, 08:43:47 PM
They should be able too. I'd wait and see what the smf experts say though.

;)

MrPhil

#4
April 20, 2012, 10:01:59 PM
The first thing to check is if the hacker actually damaged/overwrote your PHP files, or if they simply slipped in an index.html or index.htm page. In the latter case, .html or .htm usually is picked up before .php, so simply getting rid of the offending page would solve the immediate problem.

Then you need to work with your host to see how the hacker got in. Check your permissions to make sure someone sharing the server can't write into your site. Scan your PC (used to administrate the site) for spyware and then change all your passwords -- hosting, FTP, forum admin, etc.

a10

#5
April 21, 2012, 07:20:03 AM
From google cache 13. apr 2012 04:26:43 GMT:
QuotePowered by SMF 1.1.11
If not upgraded since then, ain't .11 very vulnerable ?
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Uncle Don

#6
April 21, 2012, 01:36:45 PM
The host has cleared the image for me but has left a blank page.  I tried to access my backups via cpanel, however it has been so long since I have been in there, I forgot username and password.  The host company recently changed servers and tells me they donot have a backup of the site.  GREAT!  Now what?
In times like these it is wise to remember that there has always been times like these. - Paul Harvey

Code Wrangler

#7
April 21, 2012, 05:50:52 PM
Quote from: Uncle Don on April 21, 2012, 01:36:45 PM
The host has cleared the image for me but has left a blank page.  I tried to access my backups via cpanel, however it has been so long since I have been in there, I forgot username and password.  The host company recently changed servers and tells me they donot have a backup of the site.  GREAT!  Now what?

Can/will your hosting company reset your password(s) so that you can get in and see what's there?

a10

#8
April 22, 2012, 06:41:45 AM
Getting hacked (probably because of using an outdated smf version) + not taking regular ftp and database backups + host not having any backups (never rely on the host).

If all this is the case you may be completely out of options, hopefully not, but unless yourself or the host have kept some backups it seems you'll have to start from scratch. Follow Code Wrangler's suggestion and see if you can find something useful.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Seo-luntan

#9
April 28, 2012, 11:12:55 PM
Now your forum is working and I even try to register. I tried it 2 times, but "An Error Has Occurred!"
Print
Go Up Pages1
User actions
Advertisement: