
It finally happened: Hacked


VSmall


It depends on what sort of control panel your hosting uses, but it may be possible to go in and edit your folder permissions through their control panel interface. Some FTP editors also have that ability.

I would definitely change your FTP password and your main hosting password as soon as you can to something secure (no words in the dictionary, combination of uppercase/lowercase, and perhaps using special characters and/or numbers).


An update. I was asked if the site was something like WordPress. As it turns out, that was the problem.

The hacker must have gone through my WordPress blog and got to my main site. WordPress itself was not touched. (I don't think)

The basic problem is fixed. The site is back up. Now, though, I think I should remove the WordPress section from the site and use WordPress as a standalone with a link pointing to it from my main site.

That means transferring all of the information from the old blogs into the new ones. :rolleyes:

Should I do that, or should I just find the hole and plug it?

I looked at some of the files but I can't tell what WordPress has done from what the hacker has done.

Any suggestions?

 

VLS
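An added example, not part of the original thread: one way to tell WordPress's own files from changed ones is to compare the live folder against a clean copy of the same WordPress version, and to list world-writable files while doing so. The function names and the small sample trees are constructed for illustration; a real run assumes a clean download unpacked next to a copy of the live site.

```python
import hashlib
import os
import stat
import tempfile

def sha256_of(path):
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()

def file_map(root):
    """Map each path relative to root onto its full path."""
    return {os.path.relpath(os.path.join(d, n), root): os.path.join(d, n)
            for d, _, names in os.walk(root) for n in names}

def audit(live_root, clean_root):
    """Compare a live WordPress tree with a clean copy of the same version."""
    live, clean = file_map(live_root), file_map(clean_root)
    uploads = os.path.join("wp-content", "uploads") + os.sep
    report = {"modified": [], "unexpected": [], "world_writable": []}
    for rel, full in sorted(live.items()):
        if os.stat(full).st_mode & stat.S_IWOTH:
            report["world_writable"].append(rel)  # any account on the host can edit it
        if rel in clean:
            if sha256_of(full) != sha256_of(clean[rel]):
                report["modified"].append(rel)    # differs from the stock file
        elif not rel.startswith("wp-content" + os.sep) or (
                rel.startswith(uploads) and rel.endswith(".php")):
            # Themes, plugins and media are expected under wp-content; new files
            # elsewhere, or PHP inside uploads, need a manual look.
            report["unexpected"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Run the audit on small constructed trees (not a real WordPress download)."""
    base = tempfile.mkdtemp()
    trees = {
        "clean": {"index.php": "<?php // core", "wp-login.php": "<?php // login"},
        "live": {"index.php": "<?php // Hacked by ...", "wp-login.php": "<?php // login",
                 "wp-content/uploads/photo.jpg": "jpeg", "wp-content/uploads/x.php": "<?php"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(body)
            os.chmod(path, 0o666 if rel == "wp-login.php" and tree == "live" else 0o644)
    return audit(os.path.join(base, "live"), os.path.join(base, "clean"))
```

On a real install, wp-config.php and .htaccess will show up under "unexpected" because the stock download does not ship them; review them by hand rather than treating the entry as proof of tampering.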


I'm not an expert when it comes to security... I imagine there were a few different ways that the hacker could have gotten in, the simplest of them being that they guessed your password. Realistically, the chances of you being able to find the hole yourself probably aren't that good.

Manually moving everything probably isn't necessary. I'd just make sure that you are using the most recent version of WordPress and that you have a secure password on the WordPress admin. You may consider also creating a new user that isn't named "Admin", giving it admin privileges, and then deleting the previous admin account (assuming you are currently using "Admin" as your WordPress username). That will also help make it more secure.


Minor technicality, the site was Cracked. Crackers crack sites and do harm. Hackers hack sites only on request of the owners to reset or check security. The Press got it all wrong years ago and it stuck. Hackers are the good guys.

If it was cracked, why would they go through the trouble just to change permissions and not delete or change files? Sounds more like a mistake or error on your side or the host... resetting it.


If it was cracked, why would they go through the trouble just to change permissions and not delete or change files? Sounds more like a mistake or error on your side or the host... resetting it.

Just to be clear, the site did have its home page defaced -- it wasn't user error or a hosting error. Looked more like a script kiddie who was doing it for kicks than an actual serious attempt though.


The defaced page actually read "Hacked by..." then it had a name. I do think it was just for fun. Maybe a baby hacker/cracker, whatever, getting his or her feet wet.

Falkencreative, am I that obvious? How did you know my user name was "Admin"? :rolleyes: I will follow your suggestions. You have been very helpful. :D

I have contacted someone to help me make the changes, close my back door so to speak, update to the new version etc. Frankly, I do have better things to do than decipher 12 pages of tech talk WordPress likes to put out in their codex. :rolleyes:

 

VLS


If they used "Hacked" then it was one of the script kiddies too dumb to know the right term. I know a few hackers who are very upset seeing crackers called hackers. Real Hackers are proud of it and attack crackers where they can. Professional Hackers and Crackers know the difference and use the correct terms. Otherwise they are wannabes.


Falkencreative, am I that obvious? How did you know my user name was "Admin"? :rolleyes: I will follow your suggestions. You have been very helpful.

Just a lucky guess. It is the default administrative account name -- I would guess that most users don't bother to change it.

Glad to hear that you are up and running again... Hopefully it will be relatively simple to upgrade WordPress and get the latest updates.
