Hacked Site


#1

I apologize if this is hard to follow, I really do not know what the heck I am doing. I just bought a new site a couple weeks ago and gave access to the company to install the site. Now, after sending clients to their galleries, I am being told that some of them have been redirected to malware sites. I was unable to recreate this except for on my droid phone.

I looked through the wiki on this, but I am afraid I have no idea how to log into a SSH program let alone know how to change code and such… I contacted support and was told they can’t help with it. I don’t know what to do now.

Help please?

V


#2

Well did you ask the company who built your website? Did they use some sort of content management system (like drupal, joomla, etc) or did they roll their own? Obviously something within the code was exploited and they should give you some sort of support for what they have given you.


#3

Yes, I have put in an email to them today. I’m not sure what they used, but never having an issue before this, I assume it’s something they did or didn’t do :frowning: Thanks for your response.


#4

CMD where I bought my site says they won’t help, that Dreamhost should be the ones helping. :frowning: Dreamhost says they won’t look at the actual files, but I don’t know how to read HTML to know what is messed up code! :frowning: Where do I go from here?


#5

I’m afraid whoever built your website is just trying to pass the buck out of incompetence. DH simply provides you hosting services. It is NOT their responsibility to maintain the security of your website in any way shape or form. It is your responsibility to make sure whatever scripts and such you are using are secure and up to date. Did that company even tell you what they used to create your site? Did they do all custom work or did they start with a content management system and customize it? They should at least provide you with the information. Are they the ones who uploaded all of the files or did they give you a copy of the website for you to do it yourself? I am sure they probably still have a fresh copy of whatever they did. How long has it been since they finished the job for you? Do they have some sort of satisfaction guarantee of their work or support services? How did you pay them? If they won’t help you I would recommend you trying to get your money back because they provided inadequate services. There is a certain level of security you should expect when someone is building your site for you and obviously they did not incorporate everything they should have as far as any holes in the software. It seems to me your site is relatively new from your initial post and it has been compromised already so they should own up to it and help you.

I would recommend that next time you go with someone who will actually help you with any issues you would have with their products for a reasonable amount of time (at least the first 30-90 days) in case things like this crop up.


#6

The flash site is new (www.thememoryboxonline.com) , but I had a joomla site that I had made prior to this… so I really don’t know for sure if it was them or if the site just got hacked after this…


#7

I can’t give you much advice from this point other than to ask the people who made your gallery scripts and such to give you a fresh copy so that you can delete the site and start over. You can dispute the charge with your credit card company if they won’t play ball. At least ask them for more detailed information such as how does the gallery work. What sort of database is utilized when storing the information such as logins and passwords, if they are encrypted or not (or do you know already?). If you can’t find out how to fix the logins that are having an issue you should just delete the problematic accounts and create new ones. It won’t stop them from being compromised again but at least it would be a temporary solution. The hard part is going to be finding out just how your files were compromised and how to patch it if possible. Otherwise you would have to pay someone to troubleshoot your site for you and that can be expensive since none of us likes to work for free. Only other option would be to use different software for your gallery. Something that you know how to install and maintain yourself.

As far as where to go from there I recommend you learn at least the basics of web design. Can’t really find out what’s wrong if you don’t understand the language and how to actually make web pages and such yourself. There are all sorts of resources on the web for things like html, php, ajax, etc (the webmonkey is your friend). What if you wanted to change the color scheme or things like that, did they provide the files you could edit or tell you what you would have to alter? You have to think about that sort of thing unless you want your website to look the same forever. Hope you didn’t pay too much for what you got considering they aren’t willing to support you at all.


#8

Thank you. Yes there is a program installed where I can change everything on the site. I wouldn’t have bought it otherwise because you’re right, who’d want the same site forever?

I’m going to ask them for a copy so I can re-do it. At least I could wipe everything clean and start fresh… I do have a couple people willing to look at the files for me, that should happen tonight. I am ready to offer money for their services. I’m a photographer and don’t like when people ask ME to work for free so I know what it’s like :smiley: