my homepage got hacked

i opened an email from a site directory that i submitted to cause i wanted to check if i was listed or not. i clicked on the link to my homepage and thats when it happened. i was on my homepage five mins earlier and it was fine. when i got sent to my home page it said that i have been hacked and wanted me to email to a hotmail account to get it fixed.

the domain name of the hacker was ir4dex.org

does anyone know about anything related to this.

i called my host and they said that only my index file was changed.

my host solved the problem but im worried that it will happen again and im wondering what exactly caused this. if it was my local computer or a serverside issue. or ftp i don't know.

please help.

 

If you don't want it to happen to you again make sure your index file is read-only and not writable.

 

i changed it to 744 is that good enough?

 

444 is better. It really depends on how the problem occured to begin with.

Clicking a link isn't enough. There's usually other exploits that come into play.

 

has anyone heard of ir4dex.org? it said that was the hacker domain. how do i report the site?

 

Just do a whois lookup on the domain ir4dex.org and then you will find out who hosts them and then you can report them.

 

Do you have the backup?

 

yes i do. the issue is taken care of by my host support. but i was just curious if anyone knew who the hackers were. first time somelike that that happened to me so i got pretty riled up

 

do you have a writeable folder? what ytpe of site u have? is it image upload site? If it is, please send me the site.
*i've experienced many type of the kiddy type of hack*

 

don't come to that website again :-(

 

its actually a flash video site running on wordpress. you can check it out but i warn that its an ADULT site. www.pornonuts.com

 

ahh, probably someone is uploading funny script to your upload directory. most likely you need to upgrade your wordpress .

 

read this
http://www.zone-h.org/content/view/14865/1/

 

bad luck as u get hack

 

Check your access logs for mysterious entries. Also, they might have a PHP shell on your site, so look out for that as well.

 

yea.. c99 can couse many trubels.. be carfull..

 

You need some pass protec or etc

 

i told my host to upgrade software for me and they did it. so far so good. i did a whois look up of ir4dex.org and its a brazillian site. owner is thallissom de souza dutra. anyway if anyone has more info please let me know. just curious thats all. i don't think they are any major hackers. just some hackernoobs.

 

A quick Google tells me much about their activities.

It looks like they are trying to gain some notoriety by hacking as many sites as they can and claiming credit for them all. It doesn't look like they are doing much more than that but it's impossible to be sure without investigating more deeply. If you have closed the hole they used to get in then you should be fine for a while but I would suggest upgrading everything regularly. It rarely hurts and it frequently helps.

 

You won't be able to report them if they're on a swedish host though, all you can do is secure your server and hope they don't do it again.