My site got hack. it is redirected to a site which is not mine. I check my cpanel there is no redirection to this site. How to solve this. Tq
Make sure that your FTP password is secure, also check the permissions of the .htaccess file. Also you might want to contact your hosting provider for help - they usually will be able to help you.
You need to check index files hacked content coding, it may available in it. Also check hacked content in your website database tables and hacked URL redirection.
Many websites are hacked by using stolen FTP login credentials (username and password). These login credentials are stolen by a virus on PC that has FTP access to the infected website. The virus works in a variety of ways. The two most common are: stealing the information from a plain text file and "sniffing" the FTP traffic. First, many free FTP programs like FileZilla store the saved credentials in a plain text file on the PC. If you're using FileZilla on Windows XP, look in: C:\Document and Settings\(user)\Application Data\FileZilla\sitemanager.xml (user could be administrator or whatever user you sign in as) In there you'll see each of the sites with the username and password stored in plain text. The virus finds this file, reads it and sends the information to a server which then logs in to each site, downloads files, infects them and uploads them back to the website. Many of them also then monitor the website to see if the infection is still there. If it's been removed, it tries logging in again using the same valid credentials and re-infecting the website. This server often times also puts various "back-doors" on the website so it can re-infect the website after the passwords have been changed. These back-doors are usually .php files that include the string: eval(base64_decode(... but there are many others as well. The second method, where the virus "sniffs" the FTP traffic is also commonly used. Since FTP transmits all data in plain text, including username and password, it's easy for the virus to see and steal the credentials this way as well. I have a YouTube video showing this: http://www.youtube.com/watch?v=oYI1kssrrbc What can be done? First, I would switch from using a free FTP program to using WS_FTP by Ipswitch. I wish I could send everyone to an affiliate link, but I can't. But I do like their product because it does save the login credentials but it's encrypted which makes it more difficult (not impossible) for the hackers to use this information. I would also see if your hosting provider supports SFTP or FTPS. These two protocols are encrypted so they can't be easily sniffed. Of course, the hardest part about this whole scenario is convincing people that they have a virus. Everyone always says, "I use XYZ anti-virus so I know I don't have a virus." However, these viruses learn how to evade detection so often times a different anti-virus program is needed in order to find and remove the virus. Many have had good success with Avast, Kaspersky or Vipre. This is just my experience but I have cleaned over 20,000 websites - and counting.
this really due to bad password or your pc have been hacked use nice antivirus software and have secure ftp passwords
If you have root access, you could find out which ip your server got hacked from...Just check modification date of the file that changed by hacker and try to find out ips that logged into server using ftp on the time and date when file got modified in /var/log/messages. Its a bit confusing, however decent method to catch hacker on Linux server.
inoxhost, That may not work. Many of the backdoors that hackers have been using recently change all the dates and times to same thing. So you can't tell which file in a folder changed when. Inside the backdoor script is a line that "touches" all the files with a pre-determined date. So when viewing the files, they all have the same date. This method also bypasses the FTP logs as they're using backdoor scripts to modify the files and not necessarily FTP. Just thought I'd let you know... That used to be a great way to determine what files were hacked, but in the past two weeks we've seen more and more files in a folder all with the same date and time. As a matter of fact, it's almost a way to tell if any of the files have been hacked - if they're all the exact same date and time. Of course, now that hackers read this, they'll come up with a backdoor that changes all the modified dates and times to various random selections. ;-)
as i always tell people keep backups and share your passwords with no one. I'd say clear your server change your password and reinstall your backup