Hello guys, well, I'm new here and wanted some help from you people. My VB forum got hacked a day back and some other site's URL was posted. I was using a free domain name, and the Yahoo email which I used as the admin's email was also hacked; all the details like my email, etc. were changed. How do I know who hacked my site? I mean a little info about them, because this is the 3rd time my site was hacked. Thank you in advance.
I think he means his site was defaced. First things first, check ALL of your software for updates and patches before setting it back up. Then check any log files for around the time you think your site may have been hacked, send these to your host, and if you know the IP that was doing the hacking, report it to their ISP. But the most important thing is, keep up to date on your patches. Usually script kiddies will use premade "hacker tools" to target sites with a certain vulnerability. So if you patch this vulnerability it will render their tools useless. Granted, until another exploit is released, in which case just get the patch ASAP. Hope that helps. What VB forum are you using exactly? Google "[INSERT YOUR VB BULLETIN NAME] patch" to see if there is anything out there for your site.
My VB is up to date with all the patches done. My site was defaced and an Orkut page was put up. I checked my FTP and found no suspicious files either. How can I trace the hacker? Where do I find the logs?
I'm not an expert on security (I'm here to listen to what people will say), but I can tell you one thing: log in with your shell account and look for hidden files (ls -a). You should find a file called bash_history. If the hacker is dumb he probably forgot to delete that file and you'll see some commands he used. This of course depends on whether he used your account to hack your site.
What if he doesn't have shell access? Check with your host to make sure that this wasn't a mass server attack. Sometimes an attacker will completely compromise the system itself (and every site on it) and it will have nothing to do with your personal software, though you should ALWAYS keep your scripts up to date. If you do have SSH access then go ahead and look for the hidden files and log as ma0 said; otherwise log in to your hosting panel and view the logs there. Look for suspicious errors, or redundant requests from the same IP.
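
The log check suggested in the replies above (entries around the time of the defacement, errors, repeated requests from one IP), as an added example that is not part of the original thread. It assumes the Apache/nginx "combined" access log format; the sample lines, the suspected timestamp, the thresholds and the `summarize` name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed "combined" access log layout; confirm the format your host writes.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2008:02:10:05 +0000] "GET /forum/index.php HTTP/1.1" 200 5120
203.0.113.45 - - [12/Mar/2008:02:21:10 +0000] "GET /forum/page1.php HTTP/1.1" 404 210
203.0.113.45 - - [12/Mar/2008:02:21:11 +0000] "GET /forum/page2.php HTTP/1.1" 404 210
203.0.113.45 - - [12/Mar/2008:02:21:12 +0000] "GET /forum/page3.php HTTP/1.1" 404 210
203.0.113.45 - - [12/Mar/2008:02:21:13 +0000] "GET /forum/page4.php HTTP/1.1" 403 199
203.0.113.45 - - [12/Mar/2008:02:22:40 +0000] "POST /forum/login.php HTTP/1.1" 200 812
203.0.113.45 - - [12/Mar/2008:02:23:02 +0000] "GET /forum/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2008:02:40:00 +0000] "GET /forum/showthread.php?t=1 HTTP/1.1" 200 3300
192.0.2.10 - - [11/Mar/2008:18:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120
"""
SUSPECTED = datetime(2008, 3, 12, 2, 30, tzinfo=timezone.utc)  # constructed

def summarize(log_text, suspected, window_minutes=30, min_requests=5, min_errors=3):
    """Per-IP request, error and POST counts inside the window around `suspected`."""
    lo = suspected - timedelta(minutes=window_minutes)
    hi = suspected + timedelta(minutes=window_minutes)
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "posts": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines in another format rather than guessing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not lo <= ts <= hi:
            continue
        s = stats[m["ip"]]
        s["requests"] += 1
        s["errors"] += m["status"][0] in "45"   # 4xx/5xx responses
        s["posts"] += m["method"] == "POST"
    # Flag addresses with many requests or many errors in the window.
    flagged = {ip: s for ip, s in stats.items()
               if s["requests"] >= min_requests or s["errors"] >= min_errors}
    return dict(stats), flagged

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG, SUSPECTED)[1].items():
        print(ip, s)
```

The flagged addresses and the matching raw log lines are what to send to the host, as the second reply suggests.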