Hacked website / defaced website / website compromized
Author: admin admin Reference Number: AA-00247 Views: 11208 Created: 2011-08-20 15:28 Last Updated: 2013-03-25 11:30 0 Rating/ Voters

RE: if your website has been hacked,

You should upgrade all your PHP scripts to the most recent versions, then check through the account, normally once compromised with a Remote File Inclusion, the attacker will leave a shell script for easy access in the future.

Before upgrading your scripts you should ask in tech support for your entire account to be reset to new (backing up your data first)

The majority of web site compromises happen because of:

       1. Stolen FTP credentials
       See http://en.wikipedia.org/wiki/Gumblar      
       . Spyware on webmasters' computers: key-loggers, traffic sniffers (FTP protocol sends username/password as plain text), trojans that steal credentials from various programs' configuration files (FTP clients, DreamWeaver, etc).
       2. Security holes in popular web software: CMS (Joomla, Drupal, etc), Forums (phpBB, vBulletin, Simple Machines, etc), Blogs (WordPress). Once a vulnerability discovered, hackers configure their automated tools to search the web for websites running vulnerable versions of the software and exploit them. This can be done easily and at almost no cost when they have an army of zombie computers.
       3. Security hole in "in-house" web software. Many novice (and even many experienced) web developers don't properly sanitize user input making various attacks possible (SQL injections, XSS, etc)
       4. Poor security practices (Something that should be manually configured by site admins and cannot be fixed with automated security updates): Weak passwords, insufficiently strict permissions for limited accounts, files and directories with world write permissions, etc.

Please also look at the following articles:

http://www.google.com/search?q=mysql+injection
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.google.com/search?q=php+script+vulnerabilities
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/SQL_injection

We suggest you ask tech support to terminate and reset your account to new, erasing / deleting all files and databases.

If you would like support to make you a backup of your website files before resetting the account you can request that.

NOTE you must NOT re-upload the same hacked files to your server again after its reset, you must reinstall your scripts from the newest versions form the official website.

Before support can terminate your account and reset it, we need you to supply your transaction/order/sales or invoice number/id as proof of ownership of your account.

Quick Jump Menu