My all sites hacked. Turkish boys replace only Index.html File. Please Help

Discussion in 'Security' started by host_planer, Feb 26, 2007.

  1. #1
    I have had a serious problem for the last 2 days. Some Turkish guys replaced only the index file on all my sites.
    My sites are hosted on Hostmonster and I use the addon function for all my sites. From what I can tell, they only change my index.html file. I called my hosting company, and they said that they must have the user name and password to replace the file, and said to change my password, which I did. But today (8 hours after I changed my password), they again replaced the index file on all sites.

    Then I called my hosting company again. They gave me the same reply and said to change the permission of the index file to 555 (read and execute).
    Now I don't have any problem, but I know they will do this again. I know they don't have my user name and password. There must be some trick to replace the index file, because I checked and all my other files are there, some sites have databases, and there is no problem with any file.

    Can anybody help me? Kindly, some senior members, help us. There are a lot of people facing this problem.
    Should I change my hosting?
    Should I change my password daily?

    What do I have to do? plzzzzzzzzz help

    I am also a Muslim, and these Turkish guys said they are also Muslim, because on the index page there was the message "You site hacked, we are muslims turkish"

    I don't believe they are Muslim. A real Muslim would never do that. Some people are using the name of Islam and Muslims.

    what the hell is going on

    Please Help
     
    host_planer, Feb 26, 2007 IP
  2. Mxhub

    #2
    Is it a server wide compromise or just your site?
    If it is just your site, double check you have updated your script to the latest version.
     
    Mxhub, Feb 26, 2007 IP
  3. host_planer

    #3
    I think it's just my site. The hosting company said it happened with my sites only.
    I have HTML files on most of the sites, and 3 sites have scripts (index.php). They put index.htm there, which has no effect there.
    But on the sites that have index.htm, it was replaced by their page.

    kindly help
     
    host_planer, Feb 26, 2007 IP
  4. mcfox

    #4
    Put your own index.htm file on the affected sites and set the permission on it to 555.
     
    mcfox, Feb 26, 2007 IP
  5. Mxhub

    #5
    Your host is lying.

    Looks like it is not just your site. It is a complete server compromise.
    The hacker mass-defaced all index files on the server.
     
    Mxhub, Feb 26, 2007 IP
  6. bigrollerdave

    #6
    Damn, these guys are hacking boxes like crazy. They just attacked my whole box the other day. They replaced all my index.php with this page http://www.leetcom.com/index2.php. It's okay to click on the link, there are no harmful scripts or anything, it's all HTML. My websites run the latest version of Apache and PHP. None of my sites have shell access. All my passwords on my server are 50 characters. I have tons of security programs running all the time. I have no clue how they got in.
     
    bigrollerdave, Feb 26, 2007 IP
  7. bigrollerdave

    #7
    They have a website if anyone can speak Turkish. The website is http://www.1923turk.org. I tried to do a search for my site with no luck.
     
    bigrollerdave, Feb 26, 2007 IP
  8. ThreeGuineaWatch

    #8
    That's no use if they have rooted the box, or his httpd runs as his uid.
     
    ThreeGuineaWatch, Feb 26, 2007 IP
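
The point made in post #8 about the chmod 555 advice from post #4, as an added example that is not part of the original thread: when the process that writes runs under the same uid that owns the files, mode 555 on index.html stops neither a rename over it nor a chmod back. The temporary paths and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are temporary and constructed.

# Case 1: the file is mode 555, but its directory is writable by the same uid.
# rename() checks the directory's permissions, not the target file's mode.
index_after_rename() {
    docroot=$(mktemp -d) || return 1
    printf 'original page\n' > "$docroot/index.html"
    chmod 555 "$docroot/index.html"            # the advice from post #4
    printf 'replaced page\n' > "$docroot/new.html"
    mv -f "$docroot/new.html" "$docroot/index.html"
    cat "$docroot/index.html"
    rm -rf "$docroot"
}

# Case 2: the owner of a file may always change its mode back.
index_after_chmod_back() {
    docroot=$(mktemp -d) || return 1
    printf 'original page\n' > "$docroot/index.html"
    chmod 555 "$docroot/index.html"
    chmod u+w "$docroot/index.html"            # allowed: same uid owns the file
    printf 'replaced page\n' > "$docroot/index.html"
    cat "$docroot/index.html"
    rm -rf "$docroot"
}

echo "after rename:     $(index_after_rename)"
echo "after chmod back: $(index_after_chmod_back)"
```

A process running as a different, unprivileged uid gets neither path unless the directory or file is also writable by group or other.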
  9. Mxhub

    #9
    Agree. "root" access gives you complete privilege to do whatever you want.
     
    Mxhub, Feb 26, 2007 IP
  10. rootbinbash

    #10
    Those are script kiddies. I checked their website. They can only use exploits, they can't write them ;) This means you were hit by a nice vuln. You should hire a sys admin.
     
    rootbinbash, Feb 27, 2007 IP
  11. TG2006

    #11
    it's impossible to hack a website with a long password
     
    TG2006, Feb 27, 2007 IP
  12. Sini

    #12
    - First check all your folders, especially folders with 777 privileges, and search for relatively big PHP files; they could be using a tool like, for example, phpRemoteView.

    - Next, if possible, make sure those folders with 777 permissions are protected so that executable files like PHP files can't be uploaded there.

    - Upgrade all scripts you are using to the latest version available.
     
    Sini, Feb 27, 2007 IP
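
One way to run the first check from post #12, as an added example that is not part of the original thread: list world-writable directories, PHP files sitting in them, and PHP files above a size threshold. The 50 KB default, the function names, the output labels and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample tree below is constructed.

# audit_docroot DIR [MIN_KB]: print one finding per line.
audit_docroot() {
    root=$1
    min_kb=${2:-50}
    # Directories writable by "other" (this includes mode 777).
    find "$root" -type d -perm -0002 | while IFS= read -r dir; do
        echo "WORLD-WRITABLE-DIR $dir"
        # PHP files sitting directly in such a directory deserve a manual look.
        find "$dir" -maxdepth 1 -type f -name '*.php' | sed 's/^/PHP-IN-WRITABLE-DIR /'
    done
    # Relatively big PHP files anywhere under the docroot.
    find "$root" -type f -name '*.php' -size +"${min_kb}"k | sed 's/^/LARGE-PHP /'
}

# Build a small constructed docroot: one normal directory, one 777 directory.
build_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site" "$d/uploads"
    chmod 755 "$d/site"
    chmod 777 "$d/uploads"
    printf '<?php echo "home"; ?>\n' > "$d/site/index.php"
    printf 'not really an image\n' > "$d/uploads/photo.jpg"
    # 60 KB placeholder standing in for an unexpectedly large PHP file.
    dd if=/dev/zero of="$d/uploads/tool.php" bs=1024 count=60 2>/dev/null
    echo "$d"
}

sample=$(build_sample_docroot)
audit_docroot "$sample" 50
rm -rf "$sample"
```

The output is a list of candidates for manual review; a large PHP file or a 777 directory is not by itself proof of compromise.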
  13. ThreeGuineaWatch

    #13
    Oh come, come now, let's be serious. Most, if not all, of these mass defacements are perpetrated without the need of a password. It is usually as a result of a disclosed exploit in the script. The password length or strength is completely irrelevant in the vast majority of cases.

    Sometimes the script holes can be used in combination with locals to elevate privileges and take over the box - again, without having to know any passwords.
     
    ThreeGuineaWatch, Feb 27, 2007 IP
  14. nddb

    #14
    Did you happen to run drupal? Just the fact that they only replaced the index says they might not have gotten much farther. It happened to me once with drupal, because of the xml-rpc bug the older version had. www.securityfocus.com -- just go there every once in a while and look for the stuff you run, when you see a bug upgrade. Also check the sites, like if you ran phpbb, check phpbb.com for updates... etc...
     
    nddb, Mar 2, 2007 IP
  15. WebGeek182

    #15
    I agree...that fits the MO. I've seen this many times.

    Advice:

    • Use non-standard index names. They usually hit index.htm, index.html, default.htm, default.html, home.htm, home.html etc. (You need to use .htaccess to do other filenames as the index file.)
    • Get a new web host that understands security measures or talk to a security expert.
     
    WebGeek182, Mar 3, 2007 IP
  16. samantha pia

    #16
    muslims never cut heads off people on live TV, never fly planes in to tower blocks? never kill children in school with suicide bombs?
    never hack a server HA HA HA
    wake up will you.

    every race and religion has its crackpots. :rolleyes:
     
    samantha pia, Mar 3, 2007 IP
    Obelia and GTech like this.
  17. funtoosh

    #17
    Hello
    I've also faced mass defacement, and all I found was that the hackers were using cross-script vulnerabilities in PHP scripts.

    And again, if they hack 1 site, they can hack all the sites, as Apache runs as user "nobody or www or as defined by the server admin" and all sites are accessible by the Apache user. So if they use some script vulnerability they can get access to all the sites and deface all of them (provided the files have the proper permissions so that they can be written by the Apache user).

    So if your site is hacked on shared hosting, it's not necessarily some vulnerability in your script; it's possible that it is the result of a vulnerability in the script of some other user.

    The only solution to his problem is to have good mod security rules.

    You can find a good set of rules at:

    http://unix.org.in/2007/02/16/modsecurity-rules/

    Greets
     
    funtoosh, Mar 17, 2007 IP
  18. Douglas

    #18
    You may have a keylogger on your system. Download adaware and spybot and search. Also I recommend you to use Kaspersky Internet Security. They may also have hacked into your PC. Or they have planted a trojan or virus.
     
    Douglas, Mar 17, 2007 IP
  19. miktor

    #19
    omgg i just got hacked again...first time by kurds who had a message in turkish which my grandmother translated for me (we are armenian but she knows turkish) and now my sites got hacked by turks. this is bs not only do i hate them for the armenian genocide of 1915 but now they are committing genocide against my websites!!! here are the sites that got hacked forumclique.info and uploading.cc

    last time i got hacked i just replaced the index files and it got fixed but now i need a permanent fix plz pm me if you can help
     
    miktor, Mar 18, 2007 IP
  20. funtoosh

    #20
    Hello
    I already gave you the solution, but you are not reading it, please do as instructed in:

    http://forums.digitalpoint.com/showpost.php?p=2564464&postcount=17

    Greets
     
    funtoosh, Mar 18, 2007 IP