I think my website was hacked. Please help!

Hi everybody,

I went to my blog half an hour ago and it was full of ads I never placed. However, pretty much else was in place? Was that a hack? And if yes, why they didn't touch anything else? How did they do that?

Also, please let me know if there are any security programs out there that could prevent something like that from happening!

Thanks a lot!

Duncan

 

What is your blog url?

 

Thank you ZeeshanButt!

I removed all the ads by changing the main.tpl file to the original one.

But I am still scared as hell... :-(

 

You can check ftp logs that might help you to locate IP from which files uploaded in your account.

 

Yes you were hacked. Simply replacing the template with the unhacked version isn't fixing the problem. You should update your blog software to the latest version, and see if you can work out how they managed to edit files on you hosting account.

 

Thank you guys!

I already checked my logs without too much luck.

But I haven't updated my software to the latest version. I should probably do that immediately.

Sincerely,

Duncan

Btw, you wouldn't happen to know how to update a datalife engine template would you?

 

you should also check if there's any backdoor left behind. Usually when bad guy hacks a web site, he will drop a web shell between your file so he can come back later.

 

How do I check that?

 

Well you could check ever single files contents one by one manually to see if they are a back door script, or you could use phpSiteScanner, which scans for backdoor scripts and other code that might be used to compromise your server.

 

can you tell me your blog url i can help you in datalife

 

Thank you Asad for your help,

But I think I already fixed the problem! ;-)

 

your web site hass been hack by shell files... thts y the can upload here file again and agin ok change rights of you default templet folder chang in to 644

then they can't change your main.tpl with shell

your prb has been slow by that suggation

 

So let me see if I get this straight:

You tell me to go to the following folder in my ftp:

public_html/templates/x360

Then right click on x360 (which is my current template) click on "file permissions"
and then change the number 755 to 644...

Is that correct?

 

ya you corect

 

I don't think this is the right way to do this.

Every time I do it, the template of the website is ruined and all a I am getting
is text in white background. :-(

 

Bro i say you make unwritable your dir bcz i knw a littl bit abut hacking with simpl php filez...
this file calls shell and they can ad or dell every thinng with is writtble...
in past i aslo use many of shell thts y i knw that you get that prb...
they can also download or upload files in your hosting if you folder is writeable

i think your web have also that prb... i think bcz i also use that methad many times in past

lolxxxxxxxx

Asad

 

You should update your blog software to the latest version , change ur ftp passwords , admin , etc

 

Replace all with your back-up?

 

Thank you guys, I ve done most of the above things already.

Also, Asad the 644 thing would be great if it didn't mess up with the way the website looked to me...

 

bro i m not only to give you support

i can tell you i also hacked many sites whit that prosses in past that was i knw waht that prb in your site