Hello everyone. This week I recently had all my index files replaced with some hacker page.. I was rather disappointed to say the least.. I also found out that there is an organization, turk-h.org, that finds it amusing to hack as many sites as possible only to be listed as top hacker.. Anyway, I didn't know how they were getting in, but apparently I loaded a public script that was hacked and this gave access to the bastards! Anyway, that script is long gone now.. I hope to god I have all my bases covered... Has anyone else run into this and might have further suggestions for me to keep the hackers away? Much appreciated. Tim.
1. Don't use bad scripts.
2. Check that they didn't leave one of their own scripts on your server to gain remote access later.
Use different passwords for FTP, SQL, email, etc. so they don't have access to all of them if they only get access to one.
lol I've had them hack me once. SenqRonize or some idiots like that... turk-h.org is the Turkish hacking center which was left behind after I tracerouted to that. I knew what to do though: take that site and its IP and ban it, that way it wouldn't count when the script tries to check if it's a valid hack or not.
It was hotscripts ... lesson learned.. Apparently there is a back door in that script.. they created a shell access.. so I was told.. live-cms, I have many scripts loaded.. is there an easy way to spot a script they would have installed?? T.
Maybe your FTP program lets you order the files by date modified. I'm not saying that they certainly would have put a backdoor on your server, just that it is safer to check.
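The date-modified check suggested above, as an added example that is not part of any poster's reply: it walks a webroot and lists every file changed around the time the index files were replaced. The function names, the one-day window and the sample tree are assumptions constructed for the illustration, and a Unix host is assumed.

```python
import os
import tempfile
import time

def files_changed_near(webroot, reference_time, window_seconds=86400):
    """List files whose mtime or ctime falls within the window around reference_time.

    Returns (relative_path, mtime, reason) tuples, newest mtime first.
    reason is "mtime", or "ctime-only" when only the inode change time matches.
    """
    hits = []
    for dirpath, _dirs, names in os.walk(webroot):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the webroot
            except OSError:
                continue  # file vanished or is unreadable; skip it
            near_m = abs(st.st_mtime - reference_time) <= window_seconds
            # Assumes a Unix host, where st_ctime is the inode change time and
            # cannot be set back with touch/utime the way mtime can.
            near_c = abs(st.st_ctime - reference_time) <= window_seconds
            if near_m or near_c:
                reason = "mtime" if near_m else "ctime-only"
                hits.append((os.path.relpath(path, webroot), st.st_mtime, reason))
    return sorted(hits, key=lambda h: h[1], reverse=True)

def make_constructed_tree():
    """Build a constructed sample webroot; returns (root, time the index was replaced)."""
    root = tempfile.mkdtemp()
    replaced_at = time.time() - 5 * 86400
    os.mkdir(os.path.join(root, "images"))
    samples = {
        "index.php": replaced_at,                            # the replaced index page
        os.path.join("images", "x.php"): replaced_at + 600,  # unexpected script
        "about.php": replaced_at - 30 * 86400,               # untouched old page
    }
    for rel, mtime in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return root, replaced_at

if __name__ == "__main__":
    root, replaced_at = make_constructed_tree()
    for rel, mtime, reason in files_changed_near(root, replaced_at):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), reason, rel)
```

On a real site, pass the webroot path and the modification time of one of the replaced index files; a "ctime-only" hit is a file whose modified date looks old even though it was changed during the window.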
I suggest changing your password to something very strong. Try not to use beta scripts or scripts you do not know much about. I always try to look up the script to see if it has any vulnerabilities or what not.
Very well. Thanks for the advice fellas! I will be reinforcing passwords and having a look for odd files.. T.
One of the best pieces of advice ever. Hackers are known to even gain root privileges by this simple human mistake. Also never use the same password for more than 1 site and make sure you use a unique password for all sensitive websites (PayPal, bank, etc...)

Now other advice:
1) Back up everything and save your logs so you can see how he hacked you and what he did.
2) Put the website offline (or change the .htaccess) until things are dealt with in order to prevent further damage.
3) Make sure to be on top of all updates for your scripts so such things don't happen to you again.
4) If you want a serious security check get experienced people to help *raises hand* =)

Hope that helps. -Khaled
Google the script name + exploit added after it and see what comes up. It may help you avoid a situation like this in the future.