Hi My site at www.dindragoste.ro was hacked, as well as all other websites hosted on the same account. They all link to caprazates [dot] org. My question is what to do, where to start to restore my account. I have access by FTP also from the site admin panel. I contacted hosting support and they said "The server was not hacked, so they likely gained access to your account through a vulnerability in a script or program running on your account. It is also possible that they gained access directly using your account password. I would recommend changing all of your account passwords and disabling all programs running on your account (PHP, perl). All programs running on your account should be updated to the latest version." Yeah, but I have no idea what to do now to get rid of the hacking modifications. I see no modification by FTP... Any suggestions? MANY thanks!
Hey, Sorry to hear about this. First, check PC for keylogger/spyware, change all your passwords. What do you mean to get rid of the hacking modifications? If you have backups, which you should, then restore those recent backups. Also check make sure all software/scripts you use is up to date, EX: If your forum is out of date, they can hack through that.
You'll probably have to manually go in and remove all the changes they made (links they added, images, etc.) It's a pain in the you know what but it is really the only way to do it and make sure you get everything. If you don't know HTML, PHP, etc. then you'll probably have to pay someone to do it. Alternatively, you can reupload the script you're using and just fix the DB if it's been altered.
I got it, finally - they modified only the index.php file. I was looking by FTP at the dates when the files were modified and they remained unchanged. Thanks for your replies.
Yup, that is what this turkish shit heads always does. When sites get hacked like this, why is it always turks that does it. Are there more idiots in turkey than elsewhere or what?