site was compromised
- 21 Responses
- PIITB
Hey, I got a strange email from Google regarding my website:
"We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com."
After investigating it a little I found some strange script at the bottom of my index page. It seems as though someone hacked my shit. Has this happened to anybody here? What steps should I take?
- ukit0
First step, use lots of lubricant
- PIITB0
fucking shit is bothering me. would you change hosts? apparently I am not secure where I'm at.
- ukit0
I would contact your host first of all, and ask for a refund maybe
- akoni0
change your passwords at least
- done.PIITB
- oh yeah? well..
what is it? tell us or it didn't happen
Meeklo - hehePIITB
- pics or it didn't happen
;oPVectorMasked
- tasty0
I had a dead message board on my site i set up to see how it worked and i left it up. they hacked it, but it's all cleared up now.
change a password, kill the board. password protect.
- jonatne0
it could have been done by a bot or some method other than a direct attack.. if the site is high profile then you should hire some sort of security measures.. if it isn't, then delete the script and carefully monitor..
change ftp login info, ssh login info, etc.. you could even request a new IP from your host
- bulletfactory0
I built a site not too long ago and got emails from the client saying there was a virus (their virus alert kept going off when they visited the site). I said "No fucking way, it's just xhtml/css. There can't be a virus." Then I noticed a strange script tag at the bottom of the footer (which was included on every page) - After I removed that, no worries. It was just random.
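An added example, not part of any post in this thread: a small Python audit for the kind of stray script tag described above at the bottom of index pages and shared footers. It flags script and iframe tags that load from hosts outside an allowlist, sit after the closing body tag, are hidden, or call eval/unescape/document.write inline; the class name, allowlist parameter, and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode|document\.write\s*\(")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Constructed sample page: a normal document with two tags appended after </html>.
SAMPLE = """<html><body>
<script src="js/site.js"></script>
<p>Welcome</p>
</body></html>
<script>document.write(unescape('%3Cplaceholder%3E'));</script>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
"""

class InjectionAudit(HTMLParser):
    """Collect (line, reason) pairs for suspicious <script>/<iframe> tags."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = set(allowed_hosts)  # hosts the owner knowingly loads from
        self.after_body = False
        self.in_script = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        attrs, line = dict(attrs), self.getpos()[0]
        self.in_script = tag == "script"
        host = urlparse(attrs.get("src") or "").hostname  # None for relative URLs
        if host and host not in self.allowed:
            self.findings.append((line, f"{tag} loads from unlisted host {host}"))
        if self.after_body:
            self.findings.append((line, f"{tag} placed after </body>"))
        tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
        if tag == "iframe" and (tiny or HIDDEN_STYLE.search(attrs.get("style") or "")):
            self.findings.append((line, "hidden iframe"))

    def handle_endtag(self, tag):
        if tag in ("body", "html"):
            self.after_body = True
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and OBFUSCATION.search(data):
            self.findings.append((self.getpos()[0], "inline script uses eval/unescape/document.write"))

def audit(html, allowed_hosts=()):
    parser = InjectionAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit()` over every template and include file, not just the index page, since a shared footer puts the same tag on every page.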
- ribit0
We got hacked once through a vulnerability in AW Stats software... You should find out what the cause was before you decide to move..
- that's just the thing, i don't know how it happened or where to start.PIITB
- Depends on what type of hosting... If you don't control add-on software, then I think you have to ask them how it happened..(like all the possible scenarios)ribit
- ..how it could have happened..(like all the possible scenarios)ribit
- and google the code, look for discussions about other people who got hit, etc..ribit
- of course when we got hacked it was a defacement hacking, so they left their name, which helped...ribit
- we then found we were like 2000 on their list of hacks...ribit
- actually here's a story about it:
http://www.chovy.com…
ribit
- bulletfactory0
I would love to see a hacker hack a site, and actually fix some problems. Like leaving a message .........
"HAXORED BY CLIFF, YOUR SITE IS NOW STANDARDS COMPLIANT, BITCH"
- funnyjonatne
- LOLJnr_Madison
- anthology worthy, hold on.Jnr_Madison
- HHAhhhahahahahhah...flavorful
- spendogg0
"HAXORED BY JONATNE, YOUR LAPTOP IS NOW ON DA INTERNETZ"
- dog_opus0
This happened on my first blog in 2004, and a friend of mine took care of it for me (I'm pretty weak with the development stuff). There was all sorts of weird script on loads of my pages ('cause it was a blog), and some of them were links (it looked like Javascript, I think). If I remember correctly, he mentioned to me that you should update the scripts on your back end every couple of years.
- acescence0
most people that get hit aren't targeted specifically. i look thru my server logs and see that every day every hour there are 100s of hits from script kiddies looking for specific software they know is vulnerable. they just get a list of random domains and brute force until they find something.
- dbloc0
This happened last week to one of the sites that we just finished up. check all your code. They added something in. Make sure you change all passwords and possibly host.
Who is your host? I wonder if it's the same host getting hit.
- PIITB0
dbloc, it was ipowerweb. What host were you using? I tried to contact ipower via email to see if they will give me a refund so I can switch hosts, we'll see if they do.
- don't tell me this, a client just consolidated all of their domains and sites to manage w/ 1 ipower account.bulletfactory
- angelus350
PHP site? If so, make sure register_globals flag is off. There's all sorts of PHP/MySQL injection attacks that can be made via that setting.
- utopian20
WHAT HOST ARE YOU USING?
- bulletfactory0
Our SQL servers at the university (where I work) were hit yesterday - what a fucking mess - I'm lucky I'm the designer and not the tech that had to wade through that mess.
fucking SQL Injection - right after the database was cleaned up, it went in and reinserted the bad code in all the rows again.
- dbloc0
our client was using verio. so it's probably just random.
- dbloc0
we did have a database connection....maybe that's it.