My account's been hacked


#1

Okay, so I was stupid. I clicked on a link someone claimed had stolen my site’s content, but I think that link led to a cookie grabber or something similar, and now the hacker’s in my site and is posting his e-mail in random places. I’m not too bright when it comes to hackers. All I know is how to avoid them, or at least I try to. I don’t know what to do and right now I’m stressing out. I need help with this and I need it quickly. If DreamHost has a way to temporarily block him or something, does anyone know how I can request they do that? I can’t contact support because I know he’ll see the contact support logs. Please help :frowning:


#2

Log into http://panel.dreamhost.com/

And change your password to the account they are using. Log in via shell and do: pkill -fu user where user is your username. That will immediately kick them out of shell. kill -1 should do it, too.

Then, locate anything they changed. Use your snapshots to restore anything necessary. When you log in via shell, cd into your snapshot directory: cd .snapshot
Directory names are self-explanatory.

*Edit – let me ask you this, where did he “hack” your account? Via the DreamHost site? If that’s the case, change the password to that account: https://panel.dreamhost.com/id/
Unfortunately, I don’t know of a way to kick them out of that site. Maybe the password change will prompt him to relogin, hopefully. /shrug


yerba# rm -rf /etc
yerba#
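
Added example, not part of the original posts: one way to carry out the "locate anything they changed" step from post #2 by comparing a snapshot copy against the live files. The snapshot path is passed as an argument because the thread does not give the snapshot directory names; the function name and the NEW/CHANGED/MISSING labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: report files that differ between a snapshot copy and the
# live tree, so restores can be targeted and unfamiliar files stand out.
# Usage: changed_since_snapshot SNAPSHOT_DIR LIVE_DIR
#   SNAPSHOT_DIR  a directory under .snapshot taken before the intrusion
#                 (assumption: pick it by its name/date)
#   LIVE_DIR      the matching live directory, e.g. your home or site dir
# Output, one line per file:
#   NEW      exists now but not in the snapshot (uploaded by someone)
#   CHANGED  exists in both but the contents differ
#   MISSING  was in the snapshot but is gone now
# Limitation: file names containing newlines are not handled.
changed_since_snapshot() {
    snap=$1
    live=$2
    if [ ! -d "$snap" ] || [ ! -d "$live" ]; then
        echo "usage: changed_since_snapshot SNAPSHOT_DIR LIVE_DIR" >&2
        return 2
    fi

    # Walk the live tree, skipping any .snapshot directories inside it.
    ( cd "$live" && find . -name .snapshot -prune -o -type f -print ) |
    sort |
    while IFS= read -r f; do
        if [ ! -e "$snap/$f" ]; then
            echo "NEW $f"
        elif ! cmp -s "$snap/$f" "$live/$f"; then
            echo "CHANGED $f"
        fi
    done

    # Walk the snapshot to find files that have been deleted since.
    ( cd "$snap" && find . -type f -print ) |
    sort |
    while IFS= read -r f; do
        [ -e "$live/$f" ] || echo "MISSING $f"
    done
}

# Run directly when called with two arguments.
if [ "$#" -eq 2 ]; then
    changed_since_snapshot "$1" "$2"
fi
```

Review the NEW and CHANGED lists before restoring anything, and keep a copy of the unfamiliar files outside the web directory in case they are needed as evidence.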


#3

Would the shell be the same as FTP?


#4

Shell is a reference to telnet or SSH, a way of logging into your server where you get a command prompt - like the MS-DOS prompt in Windows. See this wiki article for help

–Matttail
art.googlies.net - personal website


#5

Sorry for the late reply.

I found nstview.php in one of the folders and from what I saw on Google, that might be how he hacked?

I’m still confused about using SSH. I downloaded PuTTY, but it is giving me security alerts. I was not sure what to put down as the host name when I used it.

And the hacker just e-mailed me and he is taunting me.


#6

You will need to activate SSH for the user you intend to use for SSH. Users -> Manage Users, click Edit for the relevant user, tick the Shell: option then click Save Changes.

You should use your domain name (eg: example.com).

Be sure to save these emails; the email headers may (or may not) contain useful information regarding the hacker’s identity.

Mark




#7

The first time you use PuTTY to connect to a given host, it will give you a security alert–since it’s never connected to that host before, it only has your say-so to decide whether it’s valid or not. After the first time, the host key will be cached and you won’t see the alert again. (See the PuTTY help file, somewhere in section 2 I think.)


Daisy