I have been hacked and don't know what to do ..

Discussion in 'Security' started by RPSPP, Feb 8, 2007.

  1. #1
    This is the first time anything like this has happened to one of my sites.
    Please can anyone tell me what to do? Am freakin out :eek:
    I have mailed my host, but wondered if there was anything I should be doing before he gets back in touch with me?
    The site is/was a new directory I was setting up. Whoever it is, is in the process of renaming all my categories :confused:
    Many thanks for any help you can give
    Erica xx
     
    RPSPP, Feb 8, 2007
  2. stock_post

    #2
    Since it is in the starting stage, you may just get a new and good directory script.

    Let us know which script you are using, so we can avoid that script.

    Thanks
     
    stock_post, Feb 8, 2007
    RPSPP likes this.
  3. Smyrl

    #3
    I would start by looking at my stats and try to figure out how the hacker accessed the site. Chances are there is a known unpatched vulnerability in your directory script.
     
    Smyrl, Feb 8, 2007
  4. Hopper

    #4
    I've had a similar problem recently, TIPS:

    Log onto your FTP account, look to see where or what has been changed recently. Trace the alterations by the date stamp on your ftp programme. This should in theory tell you how they got in. If you have a backup copy, over-write where or what they have changed.

    Once you have done this, change your passwords, make them strong. Mix Letters with numbers, Upper and lower case.

    Contact your directory script, make sure you have ALL the up-to-date security patches installed.

    Hope this helps.

    It's a bummer, isn't it.
     
    Hopper, Feb 8, 2007
    RPSPP likes this.
  5. Hopper

    #5
    Sorry, forgot to say: can you access your Raw Data Logs? If so, study them, they may just tell you where you were hacked, at what time and who is doing it.

    It's amazing what you can learn from this data.

    Oh and obviously, use this as a warning and back-up, back-up, back-up!!!
     
    Hopper, Feb 8, 2007
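
Added example, not part of any post in this thread: one way to read the raw access log suggested above. It assumes the log is in Apache "combined" format and that the site owner knows their own IP address; the sample lines, IP addresses and `/admin/` paths are constructed for illustration. It lists requests from other addresses that either submit data (which is how a category rename would arrive) or touch the admin area.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed; check one line of your own log first).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Feb/2007:17:31:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Feb/2007:17:40:15 +0000] "POST /admin/categories.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.77 - - [08/Feb/2007:18:02:44 +0000] "GET /admin/login.php HTTP/1.1" 200 640 "-" "Mozilla/4.0"
203.0.113.77 - - [08/Feb/2007:18:03:10 +0000] "POST /admin/categories.php?id=3 HTTP/1.1" 200 790 "-" "Mozilla/4.0"
198.51.100.5 - - [08/Feb/2007:18:05:00 +0000] "GET /style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
garbage line that does not parse
"""

def suspicious_requests(log_text, own_ips, admin_prefixes=("/admin/",)):
    """Return {ip: [(timestamp, method, path, status), ...]} for requests from
    addresses other than the owner's that either change state (POST/PUT/DELETE)
    or touch an admin path."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines instead of crashing
        if m["ip"] in own_ips:
            continue
        writes = m["method"] in {"POST", "PUT", "DELETE"}
        admin = m["path"].startswith(admin_prefixes)
        if writes or admin:
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in suspicious_requests(SAMPLE_LOG, own_ips={"192.0.2.10"}).items():
        print(ip)
        for ts, method, path, status in reqs:
            print(f"  {ts}  {method} {path} -> {status}")
```

A log that only covers an hour or shows a single IP address, as can happen with a freshly rotated file, will return nothing; the host can usually supply the archived logs for the period in question.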
  6. RPSPP

    #6
    hiya, and thanks for the reply. I started working on it 24 hours ago and all I had to do was put in the guidelines and then was done .. I get where you are at as in it was new .. but it was done .. all the style and images etc are saved .. but I hadn't got round to backing up the database of categories .. had only just finished altering them, then got side-tracked grrrr. oh and just realised I hadn't backed saved my altered css either tut.

    hiya and thanks for replying .. I had a look at the stats in cpanel, is that where you mean? .. I have had open all the files that are mentioned in there, so don't know which it could have been.

    hiya, and thank you for the reply .. I have contacted the admin at the index script forum to let him know. I have refreshed all the folders in my ftp program and none of them are changing for the time that the change took place :confused: is that what you mean?
    I will be honest, a lot of what you have said has gone straight over the top of my head. I am not very technical minded if I am honest. I have deleted all the files from my public_html folder (except the one that was there when I got my hosting).
    is it my hosting passwords you are saying to change or was it the admin passwords in the now deleted directory script?
    As for it being a bummer .. yes it is .. I am sat here shaking and am freaked out .. I don't know whether to redo it or leave it or what :confused:
    Thank you all for your replies .. they are much appreciated
    Erica xx
     
    RPSPP, Feb 8, 2007
  7. RPSPP

    #7
    ok I just clicked on raw access logs and it downloaded a gz file .. I opened it up and opened the file that was in there. to be honest with you, it means nothing to me (what a surprise eh?)
    the times on them are only from 5.30 to 6.30 ish which is about 5 hours ago. all the ip looking numbers at the left are all the same (I was on at those times)
    I don't think I will get to know will I cos I don't know what I am looking for lolol
    I'll ask my host fella when he comes on .. see if he can see anything.
    and I don't know about taking it as a warning, but am thinking maybe take it as a message that I shouldn't be dabbling in things I know nothing about.
    Many Thanks
    Erica xx
     
    RPSPP, Feb 8, 2007
  8. Hopper

    #8
    Yeah, if you access your FTP programme in the public_html file you will see the other files. Next to these files will be a date that they were last updated. This could show you which files were changed and when. If you see a file that was altered when you know you didn't do it, that's your hint.

    I wasn't as well but their actions have meant that I have had to become 'savvy' with it. I am by no means an expert but I have learnt (a lot from DP), asked the Q's you are doing. Another tip is to access (if there is one) the forum for the script, that forum will have I am sure people who will have had the same done to you.

    Both, strengthen your passwords. Do not make them personal or if you do, use your second cousins twice removed's wife's uncles telephone number!!!

    Don't quit, because if you do they have won. Keep your chin up and good luck.
     
    Hopper, Feb 8, 2007
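
Added example, not part of any post in this thread: a stricter form of the FTP date-stamp check and backup comparison described in posts #4 and #8. Modification dates can be reset by anyone with write access, so this compares file contents by SHA-256 between a downloaded copy of the site and a known-good backup; the directory names in the usage comment are hypothetical. It covers files only, so changes made inside the database (such as renamed categories) will not appear here.

```python
import hashlib
import os

def tree_hashes(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in chunks so large files do not need to fit in memory.
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            out[os.path.relpath(full, root)] = h.hexdigest()
    return out

def compare_to_backup(live_root, backup_root):
    """Return (modified, added, missing) as sorted lists of relative paths.
    modified: content differs from the backup; added: present only on the
    live site (for example a dropped script); missing: in the backup but
    gone from the live site."""
    live, backup = tree_hashes(live_root), tree_hashes(backup_root)
    modified = sorted(p for p in live.keys() & backup.keys() if live[p] != backup[p])
    added = sorted(live.keys() - backup.keys())
    missing = sorted(backup.keys() - live.keys())
    return modified, added, missing

if __name__ == "__main__":
    import sys
    # Usage (hypothetical paths): python compare.py ./public_html_download ./backup
    mod, add, miss = compare_to_backup(sys.argv[1], sys.argv[2])
    for label, paths in (("MODIFIED", mod), ("ADDED", add), ("MISSING", miss)):
        for p in paths:
            print(label, p)
```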
  9. RPSPP

    #9
    there was none altered after I had been on .. that was the freaky thing :/

    I have had a peek at their forum, but I think it's quite a new thing as there isn't half the posts as on here lolol .. I'll do a search to see what it shows up.

    I have tried to change the password in cpanel, it says enter the old one, and the new one twice. it says 5 min 128 max.
    I wrote in a mini novel with numbers in too and it keeps saying couldnt not be changed because your password is WAY too short :confused: it was 30 odd characters :confused: :confused:

    I will .. and thank you :)

    Erica xx
     
    RPSPP, Feb 8, 2007
  10. wormy

    #10
    Whatever else you end up doing I would also add that one should make sure to have regular backups just in case the next hacker wipes out a lot of work that cannot be recovered. Backups are great when you need them after a disaster.
     
    wormy, Feb 8, 2007
  11. RPSPP

    #11
    Hiya wormy, thank you for the reply
    I will certainly make sure I keep backing up, even in the middle of things from now on lol
    I know I was gutted last night when it happened, but was more positive when I got up this morning .. at least it was only just finished and didn't have any links in it yet (well it had mine but they can easily be added again)
    When I have gone to redo it today, all I have lost is some changes to the css, but I was scribbling notes as I was going yesterday, so it's all on paper. I had used a category dump, then changed to suit. but today I have decided to just do my own categories and save save save as I go along.

    I would just like to say a big thank you to who replied and gave me advice .. especially to hopper, and to my host bizoppz who have both given me some great advice and support/encouragement in pm .. believe me when I say I am taking this as one HUGE lesson learnt with regards to security :)

    Erica xx
     
    RPSPP, Feb 9, 2007
  12. Hopper

    #12
    Thanks Erica,

    How did it finish? Are you back up and running?

    Cheers

    Hopper

    Rotherham, I know it well, used to cover there as part of my territory when I worked for Marlboro.
     
    Hopper, Feb 12, 2007