My site was hacked

My site was hacked, both in cpanel and ftp.

The hacker hacked into my cpanel, and made a database for his site.
And them uploaded his forum onto my server via ftp. And changed my index page.
It was a Vietnamese's forum.

Then I checked the last login IP to my cpanel. it shown 203.113.167.162
then i checked the location of the IP in google, it shown Address:

47 Huynh Thuc Khang, Dong Da District, Hanoi City

Description: VIETEL-AS-AP

Country: VN - Vietnam

nternet service/exchange provider , No 1, Giang Van Minh Street, Ba Dinh District, Hanoi City


Can I do any any legal action about it?

And how can i find out how he hacked my site?

Thanks

 

While you may have the ISP provider, it doesn't tell who had the IP at the time they entered your site. In the US, you need a court order force the ISP to turn over that information. I don't know the process for Vietnam, but I'll bet it would be very expensive and long process. It's probably not worth the time or money. Just change your passwords, notify your host, and make sure your permissions are set correctly.

 

ok, thanks for your reply

 

Contact your host an inform them and get them to help you. If your host was hacked essentially, they should be in a furor. If the dude guessed your password though... then don't expect them to do much except reset your account or if they have a backup, get your site back up to before the hack point.

 

You can also find the abuse contact of the Vietnamese provider here and report date-time + ip + action taken. Vietnam is one of the hackers paradise, I am not even sure they have any laws against it (and I am not sure they apply against american targets) but you can hope into the common sense of the attacker's ISP.

 

Just delete all data, reset password, if possible get the ip range of that particular isp banned on ur host and just move on.

Greets

 

If you have SSH access look for hidden files inside your folders: ls -lha
Also check if they injected your html/php files with iframes/includes or something like that.
Use strong passwords!

 

also lookup your pc for keyloggers , unless your webhost has kept your server very insecure they cant gain access without your password .

 

if you can edit your firewalls

theres lists out there to block china/korea/vietnam completely
might wanna give that a try to help while you figure out what the problem is