Hi, my sites got hacked: www.ewebpets.com and other blogs and sites on that hosting account. The main parked site is OK, and one of the blogs is OK too. The rest, around 10 WordPress blogs and 2 phpLD directories, are hacked. I see only the index file changed everywhere. What else could be the problem? What to do now? Why did it happen?
You are not the one: http://www.google.co.id/search?hl=id&client=firefox-a&rls=org.mozilla:en-US:official&hs=9X9&q=Powered++by+++Dr.Dang3r&start=10&sa=N and http://www.google.co.id/search?hl=id&client=firefox-a&rls=org.mozilla:en-US:official&hs=SFU&q=Hacked+By++Dr.Dang3r&start=0&sa=N I think your server is not safe and secure: http://www.zone-h.org/archive/defacer=Dr.Dang3r
I see only index.php is changed on all domains. Is just replacing this all OK? Could there be infection of other files? How to check then?
It's useless to replace all the index files because the problem is in your server host. Your web host should secure their servers.
It's the top hosting, JUSTHOST. They are saying my FTP password is cracked or something. I found a few files in one of my addon sites with encrypted code link: lol.php, lol1.php, 0d4y xD.php. I can't find them anywhere else. I uploaded the files for you to see. They are just simple text files, no worry for you. Also, I see the main parked domain site is OK and 2 more addon sites are OK.
I have seen quite a few cases where hackers attack a personal computer, steal the FTP info and upload the index files to the victims' computers automatically every day. I guess you need to check if your home computer is safe, then reset your web site and change the password, as well as re-upload everything again.
OK, will scan my PC. Also, I just changed all index.php files of the WordPress blogs and removed those 3 suspicious files above. Is it all OK? And changing the cPanel password too.
OK, thanks for the tips. I am following them all. I installed a WP security plugin also. And one more thing: I am confused that the main domain index.php was all normal, and one blog was normal too. Do they do things manually then? And the other index.php files of directories like wp-content, wp-admin were not changed.
Ah, I think the intruder uses the new WordPress exploit. Check http://mashable.com/2009/09/05/wordpress-attack/ for more information about the attack. "All users are advised to upgrade to the latest version of WP, while those already affected are in for a trying weekend: you’ll likely need to export your all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too."
Well friend, I have faced this a few times earlier, and when it happens the first time we all simply blame the host. But since I have learnt now, I can share my experience. It's majorly an attack from your own PC: some malware or some apps or some website which you might have surfed must have downloaded some app/trojan/virus. Now they collect the FTP password/username, and what they affect worst is the index files, because they can't access other files since it's an auto-written script, so the smart idiot knows everyone has an index file with any extension. And you said only index files are corrupted, so the rest is fine, meaning your host is clean. First step: run a licensed professional antivirus (Norton) and remove all the detected viruses/trojans etc. Second step: run Malwarebytes' Anti-Malware (free version) and remove all malware. Third step: if you don't run the first two steps, then the first thing is to go and change your FTP/cPanel pswd using some other PC. Fourth step: don't use FTP from your affected PC unless step 1 and step 2 are clear, or else it will be the same problem again. Hope it helps. Thanks and Regards, Merlin
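An added example (not part of any post in this thread): a Python script that checks a downloaded copy of the web root for the two symptoms reported above, freshly rewritten index files and uploaded scripts carrying packed code, such as the lol.php files. The function names, the marker regex and the sample files are assumptions constructed for illustration.

```python
import os, re, tempfile, time

# Assumed markers of packed PHP payloads (not taken from the thread's files).
OBFUSCATED = re.compile(
    rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.IGNORECASE)
SCRIPT_EXT = (".php", ".phtml", ".htm", ".html")

def scan_docroot(root, since_days=7, now=None):
    """Return sorted (relative_path, reason) findings for web files under root."""
    cutoff = (time.time() if now is None else now) - since_days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # A fresh mtime on index.* matches the automated overwrite described above.
            if os.path.getmtime(path) >= cutoff:
                kind = "index file" if name.lower().startswith("index.") else "script"
                findings.append((rel, f"{kind} modified in last {since_days} days"))
            # Packed code wrapped in eval() is typical of uploaded backdoor scripts.
            with open(path, "rb") as fh:
                if OBFUSCATED.search(fh.read()):
                    findings.append((rel, "obfuscated eval payload"))
    return sorted(findings)

def demo():
    """Scan a constructed docroot: one defaced index, one planted script."""
    old = time.time() - 90 * 86400          # mtime given to untouched files
    samples = {                             # constructed sample content
        "index.php": (b"<?php require 'wp-blog-header.php';", old),
        "blog1/index.php": (b"<html>defaced</html>", None),
        "blog1/wp-content/index.php": (b"<?php // Silence is golden.", old),
        "addon/lol.php": (b"<?php eval(base64_decode('ZWNobyAxOw=='));", old),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mtime) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            if mtime is not None:
                os.utime(path, (mtime, mtime))
        return scan_docroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:40} {rel}")
```

Modification times can be reset by whoever wrote the file, so a clean result is only a hint; comparing against a known-good backup or a fresh WordPress download is the stronger check.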
Yeah, I scanned my PC with Avira AV free and Lavasoft Ad-Aware. Found some trojans with highest risk 10 and removed them. Password reset. Let's see what happens now. Can't go on another PC.
AVIRA free isn't your answer. Use Avira Premium -> supports firewall, antispyware, rootkit detection and all protection.
But if you are pretty sure that it is caused by your PC, then you can blame the host company. I know other sites are hosted on my shared hosting too, and if my site is down, then I will check those other websites (which are not mine).