What the ?? I've notified my host regarding this...luckily I backed up the database and website files yesterday because I was trying to implement Google Checkout. I am afraid that all my orders since then will be lost if I need to restore the database backup. Not worried about restoring the website files. My site is http://www.drhfinegifts.com I sent a nasty email to the email given, but I doubt that will matter...
You databases and website should be intact. It looks like they have just replaced your index page. You may want to remove their page before it gets spidered by the search engines btw. Last thing you need is a Duplicate site penalty. You will probably find your host hasn't patched his/your server. I do remember reading on Slashdot about a CPanel patch within the last couple of months. This is the problem with Shared hosting. BTW, you hacker could easily be one of the other hosts sharing your sever with you. Shared hosting is ok to get started with. But as soon as you can, you should move to a dedicated server or a managed dedicated server if you don't know enough to secure a linux box.
Thanks for the tips. I thought maybe it was some sort of redirect or something. Anyway, my host had me change my Cpanel password and reload my webpage. It worked. I don't know what he did, but I'm glad it's fixed. Luckily, the hack page was only up for less than an hour!
fortunately for your host your site is YOUR ONLY YOUR responsibility and your liability ! hence study all your site knwo what oyu do - know what all your SW does study access_log files search until yoiu find the cause -ä no matter how long it takes - no matter how much it costs find hoiles in your site security - and then close them all
Just to let everyone know, the hacker accessed the site through the images file. It is an executable program that loads a datafeed with stock images. The site was only affected for about 1-2 hours, since my host was able to fix the security hole. Alot of sites have been affected by this hacker. This is the info on the hacker: http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,JaMaYcKa/
I was notified by my internet provider that my sites was hacked yesterday. Different hacker from yours but index files where added (but not replaced). Also the date on these files are from Oct 11, 2006 but I noticed that zone-h reported it on November 11th. I didn't know anything was wrong untill I got the email. He added files like index.html and default.html but I use php scripting so I never knew about the hack. The index files just contain some text saying it was hacked by blah, blah, blah. I am not sure how it happen... I run virus scanners nightly and my windows 2003 server is patched up and as far as I know I have php installed correctly.
That was the same case they did to my site a few weeks ago http://forums.digitalpoint.com/showthread.php?t=159773 They placed an index.html file in the main directory, but luckyly no other files were affected.
I was hacked about 2 months ago, which they somehow used safe_mode to get in. Because my safe_mode was off. They got my whole entire server. 75+ Sites. It was a mess!
I figured out my security hole. It was a TuFat.com script called FlashChat. I removed it. The hackers also uploaded a script called phpFileManager 0.9.3 to add their index files.
FlashChat? What is the version you have installed? I think if you always up to date with the latest version this shouldn't be happen.
oops, I haven't checked yet if the hackers uploaded any files into my directory Thanks for this update..I will just have some check now...
I was a version behind I think. I installed it in July and the bug was discovered in Sept. I do usually try to keep things upgraded but it was on a demo site I hadn't had to time to work on in a while. What software do people use to check out what files where modified/added? What Virus Scanner, Spy Ware scanner do people use in Windows 2003 server environment? I just ran a virus check and checked my logs carefully and did a search for files modified in a certain date range.
I just had a site hacked by this JaMaYcKa dude and I dont run any scripts on my site except simple stuff like google ads is there anything I can do to prevent it from hapening again?
You just got defaced. You usuallt get in through an unsecured script or a file doesnt have the secure file permissions, dont leave files on 777. I found the site where people post the sites they hacked, mine was one of them, just defaced, nothing too bad.