Jump to content
virtualadz

Please Help

Recommended Posts

I am in deep deep trouble again. The site I uploaded just got hacked! withinminutes. Don't know how is happening.Let me brief out the histroy first.I had an oscommerce store when all this began. It was not updated to latest and gothacked. Since then I have removed every script relating to it and itsdatabase, downloaded all files on server to scan for virus (none found)and did everything to prevent the hacking. But then when I had a removedeverything, and only had index.html it still got hacked!This continued for about days and each time I would remove injected codesit would get hacked again (15 times till now). I had then changed somefile permissions on the recommendation of the host and put a message onthe site "Site will be back within a few days". Even after four days thistime the site didnt get hacked, so I was a bit relaxed and thought it wasfinally over. I then uploaded my new site design today and bang the site gothacked again. Again the new site was nothing but simple (nothing to invokesuch a hack).I think the hacker had been waiting to destroy my new site since I had putup the msg. The host has been of little help. The injected code points tosites like 'takesnames' and such. I had been waiting for almost 2 monthsto get my site back on track but this hack/hacker is leaving me no where.No idea how this is happening. Can anyone kindly have a look at the cpanel, tosee if you see anything suspicious (check file/folder permissions, .htaccess,) Maybesince the oscommerce script was remove somethings were not put in the sameposition. If you can do anything to help that would be gr8 or advise what should I do. Been working hard to get the site up and now all I get is this.I will provide access by PM. Someone also advised me to change host, but that is not really an option since, I have paid annual hosting fees a few months back. site is : www [dot] b h u r a t e a [dot] com......thanks very much in advance.

Share this post


Link to post
Share on other sites

A couple quick things to do:a.) goto to CrystalTech (http://www.crystaltech.com) and sign up for an IP only site - $2 a month (use iribbit.net as referrer) - or any other NEW hosting service.b.) upload your site therec.) see if your site gets hacked thereIf it does, then the hacker might have something on your PC that triggers something that informs him you uploaded something.Another test for this:a.) ask your host to move your site to another server in their network.b.) do not put any files there.c.) goto the library or friends house and put a HTML file there from scratch (from that pc)d.) wait for ti to be hackedIf it is not hacked, then burn your site and all its dependencies to before mentioned friend's PC. Upload your entire site from that PC. If you are hacked, then you missed something in your code.P.S. Be honest with your friend, do not simply tell him/her that your connection is down and you HAVE to get this up - tell them your problem so that they can decide they might be at risk of "being seen" by your stalker.If all that fails, then go to the police.

Share this post


Link to post
Share on other sites

have you changed all your passwords? It sounds like this 'hacker' is someone who knows you (because why would they repeatedly hack a strangers site.) have you shared your passwords with people?

Share this post


Link to post
Share on other sites

are you using a shared computer?

Share this post


Link to post
Share on other sites

no, its a personal computer.@skemcinI dont think my site is getting hacked due to anything on my pc, cuz I access a dozen other sites so why would only 1 be targeted. And I also have AVG and Sygate for protection. I will look into that another host thing, but how will I be able to host a site on an IP only hosting account.

Share this post


Link to post
Share on other sites

It sounds like they have a key logger on your PC, but as you say if that was the case it is strange they would not attack your other accounts. Do you ever notice any performance lags at certain times of the day? They could be transfering logged data.I would also recommend what Skemcin said. Try another provider and upload from a different PC to ensure that your PC is not infected. I believe awardspace.com allows you to use your own domain anme even on their free accounts.Is your host running the lastest versions/patches of cpanel? Is it a Linux or windows server? Since even your index.html page got hacked they are probably compromising the hosts entire control panel system. If they have found a way to simulate the login cookie then changing your password does no good.

Share this post


Link to post
Share on other sites

It might be that there is a keystroke on my computer (but AVG didnt detect any). Cuz only the index files are hacked. Today i Uploaded index and contact files, from them only the index has been hacked till now (this was the trend till date) and also I have many folders but only 1 has index files ( a sub-folder) and that has also been hacked. Does this mean its a bot and done via my laptop ?I think I will re-format my computer (though its a pain having to re-install around 40 sofwares again and then customizing it)But Anyway it has to be done.I don't have any idea about the latest updates from the hosts side, but they said the account is protected 24X7 and is updated to modern technologies.Thanks for your inputs, I will look into those.

Share this post


Link to post
Share on other sites

I would recommend using freeware software such as Spybot Search And Destroy http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1Ad-Aware-SE Personal http://www.download.com/Ad-Aware-SE-Person...tml?tag=lst-0-1If you run both of these on your computer im sure it will find something and remove it.Also i suggest you contact Tucows Inc (I believe) and inform them of the problem

Share this post


Link to post
Share on other sites

also download Hijackthis and post the log file on forums.techguy.org, they will point out any trojans, hijacks of your browser also.

Share this post


Link to post
Share on other sites

If you want to send me login information for ftp or cpanel I'll take a look at it and see if I see anything wrong. I won't make any changes though. If you are getting script files installed on your server when all you are hosting are HTML files, then there is a security hole somewhere on the server. If other servers that the host uses are not getting hacked then most likely it is not cpanel (unless you did something in cpanel to open a hole). The only way to stop this is to find out how they are getting in, clearly the hole is still open. What are they doing when they hack the site, are they defacing your web pages or getting into the database, or what are they changing?

Share this post


Link to post
Share on other sites

yeah sure, sending u details via PM.Maybe some WEB_INF file permissions are not correct, or maybe some things in cpanel (redirection etc), I really dont have any idea. Any help would be gr8. And like they say, only doctors can know the problem with just a simple look. you all are pros..so might catch something.No scripts are being installed, codes are injected into pages or somtimes entire page is deleted and links to their site is placed and other undesirable content is also placed.I dont have any database connection as of now (had long back when oscommerce was there). For now I m taking the Hijackthis tool and some anti-virus program suggestions by aspnetguy n ben.thx!

Share this post


Link to post
Share on other sites

Its been a tiring day. After posting the log files on techguy forums, the guyz out there helped to remove some unknown programs. But even after removing those files, the site got hacked again. The only thing I dont understand is why only 1 site is getting hacked, I access 5 different hosting servers and several logins through the browsers, but only and only 1 site is attacked. can it be like they have set a specific keylogger on the laptop to give info only about 1 server login info. One more interesting thing is only index files get hacked, does this mean its a bot?But the thing is if he gets login info from my laptop then why would he only inject codes, why not destroy the whole site, that makes me think there is a hole in the server or cpanel as justsomeguy said. I m just confused.currently I am waiting for jsutsomeguy's response, after which the last resort before I change hosts is to re-format the computer.Also is there any way I get a refund if I change hosts (do hosts give refund) its been only 2 months since I paid the annual charges?thx.

Share this post


Link to post
Share on other sites

I'd be livid with your host if they are not providing any help as to how or even who is accessing your. Whether or not its your problem, they should show some interest in helping you, if for no other reason than to protect THEIR network. I know my host would be all over me to correct the problem - even to the point that my site would get shut down by them until we could figure it out.Did you try one of the other recommendations - backup and delete the whole site - then upload it from another location from another PC?You really need to find out what activity the problem is related to. Is it your PC, is it that one hosted account, etc. If you try moving it to another host - use a different PC. There are too many things to look for and without having real time feedback, its hard to really be more helpful. You, and this is funny, really just have to try everything. But really try hard to to isolate the processes. If you are going to try something on a new PC, then everything must be from sratch - don't copy files from your suspected PC and upload them from the new PC.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...