1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Help Needed. My Sites Hack by Team 007. What should i do?

Discussion in 'Security' started by kenshinhimura, Sep 5, 2011.

0
  1. #1
    I just found out today, when i open my sites, it shows, my sites been hacked by team 007. Can anyone help me on this. What am i suppose to do now? I still can access my hosting. Please DP members. Help me on this.
     
    kenshinhimura, Sep 5, 2011 IP
  2. serena85

    serena85 Peon

    Messages:
    892
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #2
    If you have a backup of your site, erase all from your hosting, change all the passwords and then put a fresh copy.
     
    serena85, Sep 5, 2011 IP
  3. kenshinhimura

    kenshinhimura Active Member

    Messages:
    366
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    58
    #3
    i havent back up my files. does this mean if i back up my files now, it wont change anything? i still have access to my cpanel
     
    kenshinhimura, Sep 5, 2011 IP
  4. nihangshah

    nihangshah Prominent Member

    Messages:
    5,536
    Likes Received:
    271
    Best Answers:
    3
    Trophy Points:
    395
    #4
    Contact your hosting company. They might have done automatic backups of your site.

    Also, try using Google Cache. Get whatever info from Google Cache and re-develop your site.
     
    nihangshah, Sep 5, 2011 IP
  5. hotnoob

    hotnoob Member

    Messages:
    96
    Likes Received:
    2
    Best Answers:
    1
    Trophy Points:
    28
    #5
    Looks like manual hacking, they are a bunch of amateurs.

    http://www.zone-h.org/archive/notifier=Team%20007/page=1

    from the looks of it, they are hacking into junky little websites with poor coding on them, my best guess would be that they got in through SQLi or LFI.
    if your script is secure, than you've probably got a key-logger on your computer; team 007 apparently has a key-logger out with their name on it.
    ---

    i'd first backup what's left of your website and put it into an archive, just in case they decide to come back.
    then i'd do a full system scan, next, because virus scanners are actually pretty useless, i'd boot your computer into diagnostic mode, winkey + r, msconfig, diagnostic mode. then id open up netstat, winkey + r, cmd, netstat -nob and look at the exe names that have connections, some of them may be loggers.

    after you make sure your computer is clean, take the backup copy of your site, and you will want to use a virus scanner on it, most virus scanners will detect shell scripts, unless its really junky like norton.

    if you find a shell script on your site, your going to want to look at your upload functions on your site, and then your functions that are using mysql.
     
    hotnoob, Sep 7, 2011 IP
  6. chrisp47

    chrisp47 Peon

    Messages:
    13
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Is there only way to just ask your host sites and if they not provided you the password then change your hosting site.
     
    chrisp47, Nov 9, 2011 IP
  7. iLovehosting

    iLovehosting Peon

    Messages:
    6
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    I would suggest scanning all of your files. Most hosts now have security on place to stop this from happening. Scanners will scan all the files that have been changed in the last few days and if they have it will flag up and check for suspicious content. Its is also your fault for not keeping your software secure!
     
    iLovehosting, Nov 17, 2011 IP