1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Site Hacked, .htaccess changed for joomla and indexes files changed for wordpress

Discussion in 'Security' started by meknassi, Feb 21, 2012.

  1. #1
    Hello,
    SEMrush
    A godaddy shared hosting is hacked and hacker :

    - changed the .htaccess to htaccess.txt and no joomla website is working because of that.
    - indexes of wordpress website are all changed
    - In every subdirectory there is a new folder called "Root" and when I open it, it redirect me to the root of the hosting. When I try to delete it, it start to delete everything.
    - non-wordpress and non-joomla websites are not affected.


    What will be the cause of the hack apart from password hacking.
    how to delete this "root" folder.
    how to prevent hosting from being hacked by the same reason.
    the hacker said the the sfe mode is off. how can force all the accounts to to be ON


    And thank you
     
    meknassi, Feb 21, 2012 IP
    SEMrush
  2. SolidShellSecurity

    SolidShellSecurity Banned

    Messages:
    262
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    45
    #2
    Restore from a clean backup or run some secure scans and check access logs. That is how we fix a hacked site or when a hacked client moves over to our servers, we scan and check their sites then lock them down so they cant get hacked.
     
    SolidShellSecurity, Feb 21, 2012 IP
  3. meknassi

    meknassi Well-Known Member

    Messages:
    671
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    110
    #3
    Thank you,

    any solution to the symbloic root folder please?
     
    meknassi, Feb 21, 2012 IP
  4. SolidShellSecurity

    SolidShellSecurity Banned

    Messages:
    262
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    45
    #4
    You may wish to talk to your host. It could be a hacked server if the permission on symlink do not match. We ended up applying some custom patches to block the symlink exploits.
     
    SolidShellSecurity, Feb 21, 2012 IP
  5. adseo

    adseo Greenhorn

    Messages:
    56
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    16
    #5
    change the file permissions of public and group access
     
    adseo, Feb 21, 2012 IP
  6. hola277

    hola277 Active Member

    Messages:
    131
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    51
    #6
    I agree. The "Root" folder is likely a symlink.
     
    hola277, Feb 23, 2012 IP
  7. JohnnyMazuma

    JohnnyMazuma Peon

    Messages:
    12
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    You may want to consider using Kaspersky or some other enterprise level solution to protect your personal computer. Be sure you run a full virus scan on your computer. You should also consider checking for adware and other malware. Once you know your personal computer is clean, change the password on your hosting control panel.You may also want to log into your hosting control panel and change permissions on all your files and folders to 644. 644 means only people logged in as your can change any files on your website.Also, you may want to verify you have the latest version of WordPress and Joomla. It could be you have older versions that have already been hacked.To take your security to the next level, consider getting a solution like McAfee Secure Site to test your website and find all the cross-site scripting problems. You will likely find a lot in the open source software. Cross-site scripting problems open the door to your website allowing hackers to put your website in the condition it is currently.I hope this helps.Johnny Mazuma
     
    JohnnyMazuma, Feb 23, 2012 IP