VSmall Posted January 12, 2009 Report Share Posted January 12, 2009 I knew it had to happen sooner or later. My site has been hacked and the permissions have been changed. :mad: What do I do now? BTW The files are still there. VLS Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 12, 2009 Report Share Posted January 12, 2009 Can you clarify... what exactly has been hacked? your hosting? the CMS your site runs on? Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 12, 2009 Author Report Share Posted January 12, 2009 Probably the hosting. Here is the URL. www.golde nalbini sm.com [remove spaces] I have contacted the host and am waiting for an answer from them. VLS Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 12, 2009 Report Share Posted January 12, 2009 If you no longer have access to the site via FTP, you'll probably just need to wait on the host to reply. Most likely, the password you were using for the account wasn't very secure. Were you using some sort of CMS (wordpress, etc), or was it a static HTML site? Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 12, 2009 Author Report Share Posted January 12, 2009 It is a static HTML site. Through FTP I can see that the files are still there but when I try to upload a new index page I get a message saying permission is denied. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 12, 2009 Report Share Posted January 12, 2009 It depends on what sort of control panel your hosting uses, but it may be possible to go in and edit your folder permissions through their control panel interface. Some FTP editors also have that ability. I would definitely change your FTP password and your main hosting password as soon as you can to something secure (no words in the dictionary, combination of uppercase/lowercase, and perhaps using special characters and/or numbers). Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 12, 2009 Author Report Share Posted January 12, 2009 I will do those. Thanks. VLS Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 13, 2009 Author Report Share Posted January 13, 2009 For anyone interested, I went to ZenCart and AntiOnline Spotlight for some more information. They had a list of steps to do. I am still waiting for my web host to get back to me. I blame them for the intrusion. They were supposed to be secure. :mad: VLS Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 13, 2009 Author Report Share Posted January 13, 2009 An update. I was asked if the site was something like WordPress. As it turns out, that was the problem. The hacker must have gone through my WordPress blog and got to my main site. WordPress itself was not touched. (I don't think) The basic problem is fixed. The site is back up. Now, though I think I should remove the WordPress section from the site and use WordPress as a stand alone with a link pointing to it from my main site. That means transferring all or the information from the old blogs into the new ones. Should I do that, or should I just find the hole and plug it? I looked at some of the files but I can't tell what WordPress has done from what the hacker has done. Any suggestions? VLS Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 14, 2009 Report Share Posted January 14, 2009 I'm not an expert when it comes to security... I imagine there were a few different ways that the hacker could have gotten in, the simplest of them being that they guessed your password. Realistically, the chances of you being able to find the hole yourself probably aren't that good. Manually moving everything probably isn't necessary. I'd just make sure that you are using the most recent version of Wordpress and that you have a secure password on the Wordpress admin. You may consider also creating a new user that isn't named "Admin", giving it admin privileges, and then deleting the previous admin account (assuming you are currently using "Admin" as your Wordpress username). That will also help make it more secure. Quote Link to comment Share on other sites More sharing options...
LSW Posted January 14, 2009 Report Share Posted January 14, 2009 Minor technocality, the site was Cracked. Crackers crack sites and do harm. Hackers hack sites only on request of the owners to reset or check security. The Press got it all wrong years ago and it stuck. Hackers are the good guys. If it was cracked, why would they go through the trouble just to change permissions and not delete or change files? Sounds more like a mistake or error on you side or the host... resetting it. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 14, 2009 Report Share Posted January 14, 2009 If it was cracked, why would they go through the trouble just to change permissions and not delete or change files? Sounds more like a mistake or error on you side or the host... resetting it. Just to be clear, the site did have it's home page defaced -- it wasn't user error or a hosting error. Looked more like a script kiddie why was doing it for kicks than an actual serious attempt though. Quote Link to comment Share on other sites More sharing options...
LSW Posted January 14, 2009 Report Share Posted January 14, 2009 OK, the thread made it sound like just the permissions were reset, I must have missed any reference to actual defacing... my bad, sorry. Quote Link to comment Share on other sites More sharing options...
VSmall Posted January 14, 2009 Author Report Share Posted January 14, 2009 The defaced page actually read "Hacked by..." then it had a name. I do think it was just for fun. Maybe a baby hacker/cracker whatever, getting his or her feet wet. Falkencreative, am I that obvious? How did you know my user name was "Admin? I will follow your suggestions. You have been very helpful. I have contacted someone to help me make the changes, close my back door so to speak, update to the new version etc. Frankly, I do have better things to do than decipher 12 pages of tech talk WordPress likes to put out in their codex. VLS Quote Link to comment Share on other sites More sharing options...
LSW Posted January 14, 2009 Report Share Posted January 14, 2009 If they used "Hacked" then it was one of the script kiddies to dumb to know the right term. I know a few hackers who are very upset seeing crackers called hackers. Real Hackers are proud of it and attack crackers where they can. Professional Hackers and Crackers know the difference and use the correct terms. Otherwise they are wanna-be's. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 15, 2009 Report Share Posted January 15, 2009 Falkencreative, am I that obvious? How did you know my user name was "Admin? roll I will follow your suggestions. You have been very helpful. Just a lucky guess. It is the default administrative account name -- I would guess that most users don't bother to change it. Glad to hear that you are up and running again... Hopefully it will be relatively simple to upgrade Wordpress and get the latest updates. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.