Hi, some evil person hacked into my site tonight and I managed to get his/her IP. What should I do now? Thanks.
I've been hacked before... and it sux! Before worrying about their IP, did you find the entrance and get that closed up? Were you able to back the site up? Sorry to hear about it. As for the IP, it's likely a proxy...

Cathy
So it's a proxy IP? So there is nothing I can do about it? I have no idea how the hacker managed to get in.
I don't know for sure if it is or not; more than likely it is. Try searching for it in Google; sometimes you can find them that way. It's been so long since I've looked up an IP that I really don't know how... I'm sure someone here does though. You do need to find out how they got in ASAP though, or they'll just do it over again tomorrow... the next day... etc.
Read the other threads HERE on this topic. There are enough details published for the next steps you need to do.

If he is always using the same IP (proxy or other), then add to your .htaccess:

    deny from 203.220.100.155

Add any OTHER IP he was/is using as soon as you know of them.

Then STUDY your SW and secure it all.
If you know his IP starts with "203.220" then just put:

    deny from 203.220

and this will stop any IPs that start with 203.220.

By the way, that 'hacker' is surfing from Australia.
Since I had the "pleasure" of being unsuccessfully hacked for a full 8 hrs last night, it was time to study the iptables solution in addition to the .htaccess solution below.

Actually quite simple, hence here is a ready to copy / apply precise example with my hacker's IP from today. Just replace the IP for your individual usage.

In bash/shell enter:

    iptables -A INPUT -s 194.249.56.4 -j DROP

But since my hacker used a dial-up IP, I did the entire IP block with the syntax below:

    iptables -A INPUT -s 194.249.56.0/24 -j DROP

Then, to save all that in the config file:

    iptables-save >/etc/iptables.conf

To list all active iptables rules:

    iptables -L

To flush (i.e. delete) all active rules again:

    iptables -F

ONE more important point: using my earlier mentioned

    deny from 194.249.56.4

method in .htaccess did NOT work for me today, because it was an ongoing attempt lasting 8 hrs (115'000+ logfile lines), and the normal default procedure to enter that line either in the domain root .htaccess or in the apache2 global conf file does NOT work, for the following reason I experienced today.

FAILED - see / read below:

IF your hacker is in a subfolder and stays there the whole time, ONLY the .htaccess OF THAT subfolder is read by apache2 each time the hacker requests a new file. Hence the .htaccess in the top-level domain/.htaccess is UNREAD during the whole time of hack attempts IN a subfolder, until the hacker would change through the top level again. He did NOT for some 7 hrs on my site... Hence apache2 never goes to the top-level or global-level config while the ONE visitor stays permanently in a SUB-folder!!! Even a rcapache2 reload (graceful restart of apache2) did NOT solve that issue.

Then, when I entered the deny from ... line into the .htaccess file INSIDE the subfolder the hacker visited, the deny rule instantly denied any further access.

A NEW revisit will be verified on the top-level htaccess, but ongoing hacks need to be answered in the hacked subfolder to act instantly and efficiently. Thus an ongoing hacker visit inside a subfolder needs to be denied IN that subfolder OR by using iptables as ABOVE.

Caution:
--------
iptables as above acts until the next reboot. As far as I know there is a method, unknown to me, to automatically reread the /etc/iptables.conf file.
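An added example, not code from any poster in this thread: a Python script that groups access-log requests from the blocked range by source address and by directory, which is the information the post above needed to see which subfolder was being hit, and lists the requests the server actually served. The log lines are constructed, `194.249.56.91` and `198.51.100.7` are made-up sample addresses, and the function names `summarize` and `block_rules` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache "combined" log format; not taken from the thread's logs.
SAMPLE_LOG = """\
194.249.56.4 - - [12/Mar/2006:01:02:03 +0100] "GET /forum/admin/login.php HTTP/1.1" 403 310 "-" "Mozilla/4.0"
194.249.56.4 - - [12/Mar/2006:01:02:05 +0100] "POST /forum/admin/login.php HTTP/1.1" 403 310 "-" "Mozilla/4.0"
194.249.56.91 - - [12/Mar/2006:03:10:44 +0100] "GET /forum/admin/config.php HTTP/1.1" 404 280 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2006:03:11:00 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
194.249.56.91 - - [12/Mar/2006:03:12:01 +0100] "GET /forum/upload.php?f=x HTTP/1.1" 200 90 "-" "Mozilla/4.0"
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize(log_text, suspect_net):
    """Summarize requests whose source address falls inside suspect_net."""
    net = ipaddress.ip_network(suspect_net)
    by_ip, by_dir, answered = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        src, method, url, status = m.groups()
        try:
            if ipaddress.ip_address(src) not in net:
                continue
        except ValueError:
            continue  # log holds a hostname, not an address
        path = url.split("?", 1)[0]
        by_ip[src] += 1
        by_dir[path.rsplit("/", 1)[0] + "/"] += 1
        if status.startswith("2"):
            answered.append((method, path))  # served, so review these files first
    return {"by_ip": by_ip, "by_dir": by_dir, "answered": answered}

def block_rules(suspect_net):
    """Block lines in the two forms the thread uses, for review before applying."""
    net = ipaddress.ip_network(suspect_net)  # raises ValueError on a bad range
    return [f"iptables -A INPUT -s {net} -j DROP", f"deny from {net}"]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "194.249.56.0/24")
    for kind in ("by_ip", "by_dir"):
        for key, n in report[kind].most_common():
            print(f"{kind} {n:6d}  {key}")
    print("served:", report["answered"])
    print("\n".join(block_rules("194.249.56.0/24")))
```

The `answered` list is the place to start when looking for the way in, since those are the requests from the range that did not get an error response.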
Block the IP in your firewall and find where he is coming from. Is there any directory having 777 permissions? There can be a possibility the hacker came in from there.