my site www.percentageproducts.com was hacked yesterday. I logged in and deleted what they had advertised in index.html and wrote something else, but they have deleted my "home.php" and I don't have a back up of it. What do I do? Is there a way I can restore it? I dont even know how they got my password...this is just not the news I wanted to hear...
Most hosts keep a backup of your site, at least most advertise that they do on their webpage. Whether they actually do or not is another story, but that's probably your best bet.
First thing I'd suggest is: - Change your passwords - Complain to your webhost, they should have security measures in place to protect you/let you know your site changed. - Find out which IP address did the job, ban their IP range and perhaps report them to their host. You could even find out if they have Urls and then report them to Google also for delisting. If it happens again, report your webhost and move somewhere else...
Your host should keep daily back-ups, otherwise it's not a very good host. Good luck, man, it would suck if you lost your whole site.
Actually most hosts DON'T keep daily backups unless you pay extra for that service. It's really the client who should be responsible for having a local backup. It's a bad choice for a webmaster not to have a copy of his site on his home puter.
They said they have a "May 1st" backup so I have to change the layout a little since I have made changes since then... I requested for the IP to be banned but they didn't reply with any information about it, they were more concerned with getting my site back up... They also said I was hacked through a PHP exploit in my site, does anyone know anything about this and how I could avoid it? Thanks again guys, I deeply appreciate your help
It's always difficult to try and figure out how a hacker got it. If it's through a script exploit, I guess the best bet would be looking at your login scripts.
Hmmm ... If they have used a php script expoit, it's most likely that they must have altered your sql database too ... What was the script you were using or was it a custom coded script, your best bet would be to have the complete backup of May 1st restored instead of just the home.php ... since if the sql tables must have been altered it could prove harmful for the future security of your site! Also, if it was a custom coded script, most likely your programmer must be having a backup of his work on his computer, ask for the same and verify if there have been any changes to the filestructure, since an added php file could work as a backdoor and allow future access to your site! Also, tech86 on this forum is more known about this issue, I will ask him to have a look at this thread! He specialises in php security! Goodluck with your site, Abhishek
Thanks again, but my site has only one line of php, that is, <? php include --- ?> and a contact form mailer, which is sent to my email when submitted. now that my "home.php" has been restored, the actual php coding doesn't work for some reason as you can see here: http://www.percentageproducts.com/home.php?id=main main.html exists, but it says it doesn't... this is so weird...
Most hosts, in my experience, do not keep daily backups, whether they claim to or not. On the other hand, it's very scary not to have at least one backup of everything you have online. I keep three backups, updated daily, of everything we have online. Because you never know...