Hack or Virus?!?

  • Hack or Virus?!?

    I had a weird problem this morning. It seems that one of my sites had all of the index.php and .htaccess files missing from each of the directories. No other files were missing. The result was that all of the files were exposed when someone visited the site. The database was not touched and there was nothing sensitive or proprietary about anything. The site is run using an open source program (Ox-Wall), so I don't think that they were trying to steal the program.

    Has anyone ever heard of such a thing? Also, other than changing the password, does anyone have any ideas on making sure that it doesn't happen again?


  • #2
    Are you sure there isn't hacked content somewhere on the site? Personally, I would delete everything and start again from scratch, making sure the software is fully patched and secured.



    • #3
      I'd be leery of that as one as well. We're thinking "hack". I'd rebuild as clivejo suggests unless you can do a restore from BEFORE you know it was broken. Still, I'd delete everything before the restore.



      • #4
        +1 on that, though if it's on a shared hosting account... why not take advantage of the new 3 to 4 times a day backup feature plus work with RSP's new free hacked site recovery? Restore the site back to a certain point then change passwords for everything.... Just curious.... I'm sure RSP will work with you and I'd like to hear a review of how that works from a person with a first hand perspective. RSP keeps backups for 10? days I think it is? Save you a lot of work Iads if everything works as advertised
        Last edited by doneritehosting; 29-05-2014, 08:28 PM.



        • #5
          Thanks everyone for the advice. What I did was delete and reinstall everything using the database backup from my Dropbox account. Password is changed.

          DoRite, RSP did help me find the problem, but I fixed it myself without their new hacked site restore service, mainly because I wasn't sure if I were hacked or not.



          • #6
            Glad it worked out that easy for you Iads, I do not wish problems on anyone.. but I sure would have liked to hear a first hand experience with the new services also....

            BTW, you are the first reseller that posted here about actually performing a dropbox restore. Mind sharing the details or may I say wisdom?
            Last edited by doneritehosting; 29-05-2014, 09:21 PM.



            • #7
              @donerite - testing that (Hepsia's not drop box) is on our "list". once we get our mirrored sites here, we'll blow one away and try the restore feature... better to test when you DON'T need it than when you DO. I've made a note to report back... on a new thread of course.

              @iads - We'd like to know more about the drop-box experience as well



              • #8
                Originally posted by iads
                RSP did help me find the problem, but I fixed it myself without their new hacked site restore service, mainly because I wasn't sure if I were hacked or not.
                What was the problem?



                • #9
                  Thanks Larry, I'll be looking for that review
                  Also waiting to hear back from Iads, I'm curious how smooth that went.



                  • #10
                    Originally posted by doneritehosting
                    BTW, you are the first reseller that posted here about actually performing a dropbox restore. Mind sharing the details or may I say wisdom?
                    The Dropbox restore was as easy as pie. The backup actually comes to a folder on my home computer in zip format. Just unzip and upload, then reload the database and you are done in three minutes. Easy Peasy....

                    @clivejo - I misspoke. Other than finding out which files were missing we never did find the cause of the problem, but I did take precautions against it happening again, whether it was a hack or a virus.

                    (That was not a challenge for someone to try again.)



                    • #11
                      I had something similar a few weeks ago. Some of my websites were hacked and the .htaccess files were modified to redirect to a different website. I had to edit the file and changed my passwords. I can't imagine how that happened. I think they got directly into my RSP account to do so since my local files were not affected.

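Added example, not part of any poster's message: a read-only audit for the two symptoms reported in this thread, directories that have lost their index.php or .htaccess guard files (first post) and .htaccess files that redirect to a host you do not own (post #11). The function name, the `own_hosts` parameter and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

REQUIRED = ("index.php", ".htaccess")  # the guard files the first post found missing
# Apache redirect-style directives that carry an absolute URL on the same line.
REDIRECT = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b.*?(https?://\S+)", re.I)

def audit_webroot(root, own_hosts):
    """Return (missing guard files, off-site redirects) for root and every subdirectory."""
    root = Path(root)
    missing, redirects = [], []
    for d in [root, *sorted(p for p in root.rglob("*") if p.is_dir())]:
        rel = d.relative_to(root).as_posix()
        for name in REQUIRED:
            if not (d / name).is_file():
                missing.append(f"{rel}/{name}")
        ht = d / ".htaccess"
        if not ht.is_file():
            continue
        for n, line in enumerate(ht.read_text(errors="replace").splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out directive
            m = REDIRECT.match(line)
            if m:
                host = (urlparse(m.group(1)).hostname or "").lower()
                if host not in own_hosts:
                    redirects.append((f"{rel}/.htaccess", n, host))
    return missing, redirects

def demo():
    """Constructed tree: intact root with a foreign redirect, a clean dir, a stripped dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php // front controller\n")
        (root / ".htaccess").write_text(
            "Options -Indexes\nRewriteRule ^(.*)$ http://other.example.invalid/$1 [R=302,L]\n")
        (root / "uploads").mkdir()  # both guard files gone
        (root / "static").mkdir()
        (root / "static" / "index.php").write_text("<?php\n")
        (root / "static" / ".htaccess").write_text(
            "# Redirect / http://x.invalid/\nRedirect 301 /old https://www.mysite.example/new\n")
        return audit_webroot(root, own_hosts={"www.mysite.example"})

if __name__ == "__main__":
    print(demo())
```

Run it against a copy or a read-only mount of the web root on a schedule and compare the output with the previous run; a directory that newly appears in the first list, or any entry in the second, is worth investigating before restoring.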


                      • #12
                        That would be the easier way to do it too vlasi. Hack into the login for the reseller panel then use the login as ******** to access individual accounts... maybe an additional security feature ought to be added to that button like asking for an extra PIN number or something....



                        • #13
                          Quite possible. A lot of sites got hit by the OpenSSL bug, but are basically staying quiet about it or denying it (including some big players in the computer industry). Human nature is to use the same password, so the hackers go on a rampage trying the login details (i.e. username, email address and password) on numerous sites around the internet. I notice that most of the failed logins on my WordPress sites look like valid email/username and password combinations. I don't think we will ever know the true extent of this bug, but it is important to change your passwords regularly and keep them unique to that site. Especially for email accounts, which if 'hacked' allow leverage to reset other passwords elsewhere.



                          • #14
                            Originally posted by clivejo
                            ...important to change your passwords... Especially for email accounts, which if 'hacked' allow leverage to reset other passwords elsewhere.
                            Bravo! This is one of the most UNRECOGNIZED and overlooked security vulnerabilities.

