Current time: 04-24-2014, 06:35 AM Hello There, Guest! (LoginRegister)

Post Reply 
My web site has been hacked
03-27-2012, 04:45 AM
Post: #1
My web site has been hacked
Hello - first time post, please be gentle with me!

Yesterday, my web site, hosted here, was hacked.

Is there a procedure to follow to determine who was responsible for such action?

Please point me in the right direction!

Thank you!
Find all posts by this user
Quote this message in a reply
03-27-2012, 06:31 AM
Post: #2
RE: My web site has been hacked
Being gentle, there are a number of recent threads in this forum discussing the recent hack issues, there are also several pages available in the wiki that can be found by searching. You might want to do a bit of research and come back with more specific questions.
Find all posts by this user
Quote this message in a reply
03-27-2012, 11:38 AM
Post: #3
RE: My web site has been hacked
(03-27-2012 06:31 AM)LakeRat Wrote:  Being gentle, there are a number of recent threads in this forum discussing the recent hack issues, there are also several pages available in the wiki that can be found by searching. You might want to do a bit of research and come back with more specific questions.

Many thanks for responding. I've had a good explore, but found nothing relevant to me.

I was deliberately targeted yesterday. I want to know if DreamHost can identify the culprits.

Who do I contact to put the wheels in motion?

.
Find all posts by this user
Quote this message in a reply
03-27-2012, 12:12 PM
Post: #4
RE: My web site has been hacked
If you have submitted a ticket, DH will get back to you with information about cleaning up the hacked files on your server that should help guide you. This is something that you, as the webmaster of your hacked domain, will have to take care of.

There is a lot of good info in the long thread here that should give you the info you need to clean-up your site (or you may just want to re-install it from back-ups) and get it more secure.

http://discussion.dreamhost.com/thread-134262.html

Most likely, out of date installations on your server (WordPress, Joomla, out-of-date or insecure plug-ins and themes!, or other PHP-based sites) allowed this hack. You aren't being personally targeted, MANY sites here and at other servers have been hacked recently. Sites are targeted by these hack-bots daily.

Also read this:
http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites

This post (from page six of that long thread) by dhtr lays out the basic steps you need to take to clean up the files and find open directories.
http://discussion.dreamhost.com/thread-1...age-6.html
From: dhtr RE: Sites hacked
Quote:I finished cleaning up all of my sites last night.

Here's the process I used to cleanup an infected site:

Run command line version of the 2.4 cleaner script shown above, using this shell command (let it fully complete -- sometimes takes a while!):
Code:
time php cleaner-cli_2.4.php 2>&1 >> cleaner_log
Find and remove those randomly named "payload" files mentioned above, using this shell command:
Code:
grep -Rinl "JGs9MTQzOy" * |xargs rm -f
Remove the .logs directory that sometimes shows up in web root, using this shell command:
Code:
rm -rf .logs
Locate any 777 / world-writeable directories, using this shell command:
Code:
find . -type d -perm -o=w
Set all 777 directories to 755. See reference at bottom of page here: http://wiki.dreamhost.com/Troubleshootin...irectories
Test any features that were uploading to the previously 777 directories, to make sure they still work.

This, from Dreamhost's Status blog has some more info about securing your site:
http://www.dreamhoststatus.com/2012/03/0...-reminder/

Read this thread, too:
http://discussion.dreamhost.com/thread-1...age-4.html

Make sure you are running your sites with Enhanced Security and your users with Enhanced security.

Good luck!
Find all posts by this user
Quote this message in a reply
03-27-2012, 04:24 PM
Post: #5
RE: My web site has been hacked
(03-27-2012 11:38 AM)Brawdy14 Wrote:  Many thanks for responding. I've had a good explore, but found nothing relevant to me.

Umm, being gentle, you need to work on your searching skills. Searching for 'my web site has been hacked on dreamhost' gives you all the relevant info you need.

(03-27-2012 11:38 AM)Brawdy14 Wrote:  I was deliberately targeted yesterday. I want to know if DreamHost can identify the culprits.

Actually, that will be your responsibility. You'll need to check your logs. And gently, don't ask how to do that. The information is readily available in the wiki.

(03-27-2012 11:38 AM)Brawdy14 Wrote:  Who do I contact to put the wheels in motion?

Basically when you start investigating, then the wheels will begin spinning.
Find all posts by this user
Quote this message in a reply
03-27-2012, 11:47 PM (This post was last modified: 03-28-2012 12:11 AM by Brawdy14.)
Post: #6
RE: My web site has been hacked
(03-27-2012 12:12 PM)artgeek Wrote:  If you have submitted a ticket, DH will get back to you with information about cleaning up the hacked files on your server that should help guide you. This is something that you, as the webmaster of your hacked domain, will have to take care of.

Hello ArtGeek

Thank you so much for taking the time and trouble to give me some guidance. I will explore all the links you have given me as and when time allows. I'm sure there's going to be lots for me to learn!

It may be of interest to you to learn that I do not have, nor ever have had, a server! I purchased a domain name last November but never 'used' it at all - I didn't ever put up a web page! Someone else did recently, though, and I simply wanted to know if DreamHost could identify the culprit.

I have now worked out how to 'park' my domain and used the DH test facility - it says the site is now clean. Phew! :-)

Thanks again!

.
(03-27-2012 04:24 PM)bobocat Wrote:  Umm, being gentle, you need to work on your searching skills. Searching for 'my web site has been hacked on dreamhost' gives you all the relevant info you need.
Actually, that will be your responsibility. You'll need to check your logs. And gently, don't ask how to do that. The information is readily available in the wiki.
Basically when you start investigating, then the wheels will begin spinning.

Thank you for your help, 'bobocat'

I have read here http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites and am now much better informed.

As far as I know, I do not have any 'logs' on my computer which are in any way relevant to the situation pertaining.

I do not have, nor ever have had, a server! I purchased a domain name last November but never 'used' it at all - I didn't ever put up a web page! Someone else did recently, though, and I simply wanted to know if DreamHost could identify the culprit.

I'll now investigate how to 'submit a ticket'!

.
Find all posts by this user
Quote this message in a reply
03-28-2012, 05:43 AM
Post: #7
RE: My web site has been hacked
If you didn't have an active website, then why was your first post this?

(03-27-2012 04:45 AM)Brawdy14 Wrote:  Yesterday, my web site, hosted here, was hacked.

We are other users, just like you.
We can't read your mind.

At least you now know how to submit a ticket
Find all posts by this user
Quote this message in a reply
03-28-2012, 06:26 AM
Post: #8
RE: My web site has been hacked
(03-28-2012 05:43 AM)artgeek Wrote:  If you didn't have an active website, then why was your first post this?

Your point taken ArtGeek! :-)

There was no intention to deceive. Someone DID put a picture up on a URL so anyone could see it, but it just didn't happen to be me!

How would *you* have initiated an enquiry such as mine?

TIA
Find all posts by this user
Quote this message in a reply
03-29-2012, 01:17 AM
Post: #9
RE: My web site has been hacked
(03-28-2012 06:26 AM)Brawdy14 Wrote:  How would *you* have initiated an enquiry such as mine?

Being specific generally results with a relevant response.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost
Visit this user's website Find all posts by this user
Quote this message in a reply
03-29-2012, 04:14 AM
Post: #10
RE: My web site has been hacked
(03-29-2012 01:17 AM)sXi Wrote:  Being specific generally results with a relevant response.

Hello sXi

You have no doubt read the whole thread.

Please demonstrate your expertise by providing a real life example of what you consider would have been a more appropriate 'Post Subject' in this particular instance.

In that way, not only will I learn, but others reading here may do so too! Smile

I very much look forward to reading your reply.

TIA
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: