Yes, my server got hacked. I see all my files are still there... I don't know what to do as of yet. Should I contact the hacker and ask him to give it up? Or contact the host to reset my password? (Files are still on the server.)
Yeah... contact the hosting company and have them reset the server password (if it's a dedicated). Do not negotiate. Make sure when you get it back you run through with an antivirus software to make sure he didn't leave anything in. You also might want to look into having it hardened a little bit more. Or making harder passwords.
Antivirus won't pick up stuff like PHP file browsers; get your hosting company to do a full security assessment. Using the logs they should be able to see exactly how he got in and what he has done, assuming he hasn't wiped the logs.
First, I doubt that *hackers* is the correct term. Second, never deal with that kind of people, they will cheat you, ask for money or something. The best thing you can do is contact your host provider so they can reset your password and check logs for flaws or backdoors. Change your password, run an AV on your system just to be safe. Good luck
Do you happen to know if your plan is managed or unmanaged? If managed, get your hosting company on it ASAP. One other thing I would do is get third parties involved, if your data is important and critical to you, like Rack911 or other reputable server management companies. Those companies can do a lot of things like analyse logs, detect backdoors, preventive measures... etc.
Do you know how they got in? Check SQL error logs and for any PHP shells. If you have a recent backup of your site then upload that. A PHP backdoor can be one line embedded into any PHP file. Did they root your server or not? Is it dedicated? If not, they could have gained access from another site on the server. How were you alerted? I used to work for a web app security company a few years back; if you think there is a vulnerability on your site and want me to take a look, PM me.
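The backup comparison suggested in the post above, as an added example that is not part of the thread: it hashes the live web root against a known-good backup, lists added, removed and modified files, and points at lines in changed PHP files that call dynamic-execution functions. The directory layout, the extension list, the pattern list and the tampered sample files are constructed assumptions; a pattern hit is a lead for manual review, not proof.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Calls often found in one-line PHP backdoors (assumed, non-exhaustive list).
SUSPICIOUS = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec|base64_decode|gzinflate)\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".inc")

def sha256_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_backup(live_root, backup_root):
    """Diff the live tree against the backup and flag suspect lines in changed PHP."""
    live, good = sha256_tree(live_root), sha256_tree(backup_root)
    added = sorted(set(live) - set(good))
    removed = sorted(set(good) - set(live))
    modified = sorted(f for f in set(live) & set(good) if live[f] != good[f])
    flagged = {}
    for rel in added + modified:
        if rel.lower().endswith(PHP_EXT):
            lines = (Path(live_root) / rel).read_bytes().splitlines()
            hits = [n for n, line in enumerate(lines, 1) if SUSPICIOUS.search(line)]
            if hits:
                flagged[rel] = hits  # 1-based line numbers to review by hand
    return {"added": added, "removed": removed, "modified": modified, "flagged": flagged}

def demo():
    """Build a constructed backup/live pair in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (good, live):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php\ninclude 'inc/db.php';\necho 'home';\n")
            (root / "inc/db.php").write_text("<?php\n$db = new PDO('sqlite::memory:');\n")
        # Constructed, harmless stand-ins for tampering: one appended line, one new file.
        with open(live / "inc/db.php", "a") as f:
            f.write("eval(base64_decode('ZWNobyAxOw=='));\n")
        (live / "images").mkdir()
        (live / "images/thumb.php").write_text("<?php passthru('uptime');\n")
        return compare_to_backup(live, good)

if __name__ == "__main__":
    print(demo())
```

Run the comparison against a backup taken before the compromise and stored off the server; a backup made afterwards may already contain the planted code.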
I wonder how you could contact the hackers. If you could, this means they must be total idiots. You should rather deal with this with your hosting company or some security experts. Cheers, Thibaut
I really don't see how using an AV will prevent your server from being hacked. Perhaps you are talking about an IDS?
In fact, yes, an AV can stop your site from getting hacked. Think about it logically. Workstation gets infected with a bot - bot harvests passwords for hosting account - bot master then infects hosting account web files to obtain more infections... However, if the workstation had an AV, then there is a CHANCE that the AV would have stopped the bot from installing and harvesting passwords. I would assume that the hosting company already has an IDS, considering it's a production/development environment.
lol. Bots rarely don't infect production servers. First of all, 99.99% of the bots are for Windows. Your server could be Linux/Unix. Also it's assumed those servers have a well-set firewall and are not running more services than needed. There wouldn't be any vulnerable services to exploit. You will not find NetBIOS-like ports open on a production server, as opposed to home users. Also they should be either set on autoupdate or updated very often. Using an AV on such a server is overkill because you don't really need it. It only slows things down. As for IDS, your assumption is wrong. I'm not aware of any hosting company to install an IDS by default and not ask permission from clients first. An IDS has 2 big downsides you need to consider: 1. Increased overhead due to interception and analysis of all requests. And trust me, it's not negligible. 2. Too soft vs too hard rules. Make the rules too soft and you get a false sense of security. You end up with software you know might be vulnerable but you don't bother yourself to fix it because you think you are protected. Blacklists only protect you from known attacks (to the person who made the rules), not unknown. Make the rules too hard and you break the web site. The line between too soft and too hard is very thin. This is the reason you only install an IDS on your dedicated or VPS and manage the rules yourself.
If nothing works, then the last option is to spend some money on AntiVulnerability 2009. You can find more detail at www.aplinkworld.com/anti_hacking_software. It's software for PHP security, around 40 USD. If anybody finds a crack for the same software, then please PM me.
It's hard to help someone when they don't provide all of the information... so like everyone else has said: retrace your last steps, check log files, contact your host, think from a security perspective or even think like a hacker to prevent it from happening. Contacting the hacker is a waste of time, but challenging him will bring him out.