Hey DP Members! Just yesterday I checked my site and found a folder, which said "Hacked By xxxx", and in the folder was a txt file with his name /info. I tried deleting both the folder and file, but it won't work. I tried uploading a index.html page in the folder, that wouldn't work either! . I really don't know what to do. How can I solve this problem?
Ok try logging in via a ssh shell and type in the following "rm -rf Hacke<tab>" and hit enter, <tab> means hit the tab key that should work. you'll need to run that command in the same folder on the filesystem that the hacked by directory is in.
What do you mean login via ssh shell, I always login through cPanel. Do you want me to to click SSH Shell? Cuz later its asking if i want to generate a Key....Sorry for being such a noob, but I never have been hacked.
yes that's what you are supposed to do create a ssh key use server key instead of pwd auth and with ssh use your bash / shell remote to directly login to your server/site and do such hacker-forensics from the shell rather than via cpanel. sooner or later you will learn to use shell for admin anyway - in your current situation = that is later = NOW is the time to site back and learn all after removing your hacked by xxx folder the actual work starts - as described recently in other hacked threads here in DP forum. good luck
Well .. just login into ur cPanel>File Manager>public_html>click on the name of the file or folder u want to delete !!! On right side u will see: Show File/ Show Folder Delete File Edit File Change Permissions Rename File Copy File Move File Html Editor Click on Change Permissions Set it to 666 !! Just check mark all the boxes !! now delete the file/folder it will work let me know if u still have some probs ..
prob need to be on a shell is root and chattr -ia file this will unset attributes so you can delete the file.
my guess... is this file is under group : nobody, therefore your user cant delete it.. so what do you do is, copy this: <?php $filename = 'namehere'; chmod($filename, 777); unlink($filename); ?> run it in the directory of that file. but remember to change the filename to the correct one ?>
I am happy that you solved your problem.But i am writing this message for anyone who has the same problem. It seems that the hacker used a shell script to put a file to your account.And since he has full permission on server with this shell script he changed the owner of the file. Since you dont seem the owner of the file,you couldnt delete it or make any change to it. If you again have any problem like that just tell your hosting company to chown your files with your username. After that you will be able to delete these files without any error. Also be careful while chosing a hosting company..Your company doesnt seem so secure..