A charity website I managed, http://www.swedauk.org has just been hacked! Presumably I can upload the site again but since I don’t know what’s happened I’m not sure how to stop it happening again. The site’s commercially hosted. I can still log into CPanel so the password’s not been changed, what are my options?

Upload again – change the password and then get in contact with the host company. They should have logs that will determine how the site was changed.

The first thing I’d do is NOT link to a website that has been hacked, and is therefore likely to be carrying a trojan.

Just like the other one from earlier this week.

EDIT – I reported your post, just in case.

EDIT – I reported your post, just in case.

Nice! The site doesn’t have a trojan on it BTW, just some hackers text.

I’ve removed the link anyway and changed our password. Hopefully the hosts will be able to let me know what’s happened. It also looks as if it’s only the homepage that’s been altered, the rest of the site seems intact.

I manage the website from home (currently at work) but since it’s literally happened in the last few minutes I might be able to upload the index page from Internet Explorer’s cache.

It looks like kids playing rather than someone with malicious intent. How good/strong was your password? Get a gooder/stronger one, (horse/stable door/bolted etc.). A bumer all the same 😐

BigJohn – Member

The first thing I’d do is NOT link to a website that has been hacked, and is therefore likely to be carrying a trojan.

Just like the other one from earlier this week.

EDIT – I reported your post, just in case.

Utter tosh! and not very helpful.

Your site is still there hjust your index page has been changed, looks like only text but worth digging a bit deeper.

The possible entry points will be

CMS / admin
Your BB board
Hacked FTP (less likely though)

FTP to your site and check the folders and make sure no new files are up ther. You don’t want scripts running on your hosting in the back ground. If you can take a backup and delete everything. Don’t forget to back up your DB.

Ask your hosting comany for the FTP logs and rule this one out.

Next look at what CMS you are using / Is it open source if so patch it up.

Then look at the forum software (this is your most likely suspect and agin if this was the problem change it patch it)

Thanks

Cornelius Reginald Xavier III

Latest Active Topics from the Message Boards – 8/10/2010

Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/swedauk/public_html/ssi/read_topics.php on line 5
Too many connections

This doesn’t help you

Our hosts have side that a number of sites on the same server have gone the same way and that they’re looking into it, so it may not be a fault with our site, but the server as a whole.

Still phpBB ain’t the best and has a history of serious flaws and holes.

Just make sure it’s the latest

was thinking the other day
whatever happened to the hacker that broke into stw a couple of crimbos ago,
was his name farse, something like that,

or are we still not allowed to talk about it

Is it created in WordPress?

No, it is done WYSIWYG but in Dreamweaver MX.

Ahh okay – someone else was on here a couple of days ago having had a WordPress 3 site hacked – was worried it was becoming a commonplace thing (most of our sites are WordPress).

Our hosts have side that a number of sites on the same server have gone the same way and that they’re looking into it, so it may not be a fault with our site, but the server as a whole.

Yeah, we had similar – our hosting company (RoutHost) had a couple of their servers hacked by an Iranian dude, they managed to get everything back up and running in a day or fortunately.

It’s all sorted now. Apparently someone had an old, vulnerable script on their site and some ftp uploaded malicous files on another account were found (neither account was ours fortuately). At least whoever did it just seemed to want to leave their mark rather than do damage, even so shutting down a support site isn’t great.

Glad it got sorted,