Hacked - What is best way to clean out uploaded files?

Discussion in 'Security' started by Honeybee1, Feb 15, 2012.

  1. #1
    Hi, the sites on my vps were hacked yesterday and I am having trouble finding all the .php files they uploaded.
    I have about 50 sites and am not sure how many got affected but I think it was many, I'm still checking.
    I was told the 2 things I needed to do were, delete all these 234334.php files and edit the htaccess file to remove the redirect code.
    But, I am not sure how they got in. I have separate logins for cpanel for about 10 sites and some of those remote sites also got the hack.
    Any ideas on how to find the files that were uploaded more easily than going through each folder one by one, and find out how they got in so I can close that?
    I am a non programmer btw, thanks for any help offered.
    Honeybee1, Feb 15, 2012 IP
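One way to list the files described in the post above without opening each folder by hand, as an added example that is not part of any post in this thread. It assumes the uploaded files have all-digit names like the 234334.php mentioned, that the injected .htaccess code redirects to an absolute http(s) URL, and that the site folders sit under one directory; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only triage of a web root. It lists candidates; it deletes nothing.
# Assumptions (not from the thread): dropped files have all-digit names such as
# 234334.php, and the injected .htaccess code redirects to an absolute http(s) URL.

# .php files whose base name is digits only.
find_numeric_php() {
    find "$1" -type f -name '*.php' 2>/dev/null | grep -E '/[0-9]+\.php$' | sort
}

# .htaccess files with a RewriteRule/Redirect pointing at an absolute URL.
# Legitimate rules (e.g. http -> https) also match, so review each hit by hand.
find_redirect_htaccess() {
    find "$1" -type f -name '.htaccess' -exec grep -lEi \
        '^[[:space:]]*(RewriteRule|Redirect(Match)?)[[:space:]].*https?://' {} + \
        2>/dev/null | sort
}

# .php files changed in the last N days, to catch uploads with other names.
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null | sort
}

# Constructed sample tree standing in for a directory that holds several sites.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/site1/wp-content/themes" "$root/site2/images"
    echo '<?php // legitimate theme file' > "$root/site1/wp-content/themes/index.php"
    touch -t 201101010000 "$root/site1/wp-content/themes/index.php"   # old mtime
    echo '<?php // placeholder for an uploaded file' > "$root/site1/wp-content/234334.php"
    echo '<?php // placeholder for an uploaded file' > "$root/site2/images/998877.php"
    printf 'RewriteEngine On\nRewriteRule ^(.*)$ http://redirect.example/ [R=301,L]\n' \
        > "$root/site1/.htaccess"
    printf 'RewriteEngine On\nRewriteRule ^index\\.php$ - [L]\n' > "$root/site2/.htaccess"
    echo "$root"
}

tree=$(make_sample_tree)
echo "Numeric-named PHP files:";              find_numeric_php "$tree"
echo ".htaccess files with URL redirects:";   find_redirect_htaccess "$tree"
echo "PHP files changed in the last 7 days:"; find_recent_php "$tree" 7
rm -rf "$tree"
```

Against a real account, call the three functions on the directory that contains the sites instead of the sample tree, and keep the output as a record before anything is removed.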
  2. HostingLynx

    #2
    Since you don't know how you got hacked, it could have been done a few different ways.
    1. You yourself could have gotten hacked (keylogged, backdoored, etc.) and your passwords stolen, then someone logged into FTP/cPanel.
    2. Your web scripts are vulnerable to some form of web exploitation.
    3. The server your websites are located on was either hacked, or configured insecurely.

    If you would like help finding the files the hacker uploaded and figuring out and preventing how they got in the first time, feel free to shoot me a PM.
     
    HostingLynx, Feb 16, 2012 IP
  3. geekos

    #3
    My websites were also hacked this week. All my .htaccess files were infected. What I did was report it to my web hosting provider; after a few hours all infected files were deleted. (HostGator rocks)
     
    geekos, Feb 16, 2012 IP
  4. HostingLynx

    #4
    If you would like help determining how this attack happened, I do offer a service of post-hacking forensics & pentesting (seeing if I can find vulnerabilities in your site and then fix it).
     
    HostingLynx, Feb 16, 2012 IP
  5. Honeybee1

    #5
    Thanks for the responses. I have someone cleaning out the infected files and removing the hacker's uploaded files.
    It is still not clear how they got in. I do not think they hacked me. I have 2 separate hosts with sites and they both got hit.
    Some sites on the server got infected and some did not. The thing in common between the separate sites on the 2 servers was the blog themes and plugins. That might be how they got in.
    Thanks again
     
    Honeybee1, Feb 20, 2012 IP
  6. HostingLynx

    #6
    If you think it's your host, that can be the problem with shared hosting. A lot of sysadmins don't take the time to secure shared hosting as well as they should.
     
    HostingLynx, Feb 20, 2012 IP
  7. BigTim3

    #7
    probably a hacked server...
     
    BigTim3, Feb 20, 2012 IP
  8. fakhri

    #8
    I thought: rename public_html to another name like 'public_html_hacked', then create a new 'public_html' folder, then re-upload the clean files.
     
    fakhri, Feb 21, 2012 IP
  9. KungFuBacklinks

    #9
    If you're using WordPress you absolutely must make sure you keep everything up to date - plugins, themes, etc. (even ones you don't have activated) - everything.

    I also recommend using a few security plugins. My entire portfolio of sites was hacked not long ago and I am now militant about security. Once you get everything cleaned up, backups are a must. I just use a cloning script for my WP sites and that does the trick.

    Here are the security plugins I use:

    Bulletproof Security by Edward Alexander
    Ultimate Security Checker by Eugene Pyvovarov
    Secure WordPress by Website Defender
    WP Security Scan by Website Defender

    The Ultimate Security Checker gives some GREAT easy-to-follow tips on beefing up your site's security. I highly recommend spending 30-60 minutes installing and learning these. Once you get to know them, it will only take you 10 minutes to get them all going.

    I hope that helps.
     
    KungFuBacklinks, Feb 21, 2012 IP
  10. newcutegirls

    #10
    Your web scripts are vulnerable to some form of web exploitation
     
    newcutegirls, Mar 15, 2012 IP
  11. tiffanywilliams12i2

    #11
    Have your host scan and check for backdoors. That's what mine did.
     
    tiffanywilliams12i2, Apr 6, 2012 IP