my website is hacked

im in bbs school ( www.bbslebanon.org) the schools website is hacked and threatened to put nasty info and make a bad influence for my school .. and ias a student and IT in the school i need help to get the acess to the control panel of it please help!!
cirusxxxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tonyteriCommented:
well, you need to have the username and password of the website as well,

You can access it 2 ways:

1) ftp.website.com (webiste is actual name)

2) www.website.com\cpanel or something like that

TT
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PsiCopCommented:
Frankly, I wouldn't bother. The machine is compromised. Even if you get in and get control, you can never be certain, especially with Windoze, that you've plugged the hole they used, or that you haven't missed any backdoors they added.

Instead, wipe the machine and re-build it from scratch. Hopefully, you have your website content backed up elsewhere.

When you go to re-install, consider that almost any other OS is more secure/securable than Windoze. Look into NetWare, Linux, Solaris for x86, etc. You have an opportunity, if you choose to take it.

Even if you do stay with Windoze as your platform, try a more-secure webserver, like Apache.
0
shahrialCommented:
Well...this is the result of the query...

Server: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b
Last-Modified: Fri, 22 Oct 2004 09:57:45 GMT
ETag: "5003c-384-4178d999"

...leaving it to the other experts to assist...
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Cyber-DudeCommented:
What OS and WEB server you use?

Cyber
0
hgottfriedCommented:
My first question whould be, did the "hacker" contact you? Do you have the e-mail?
What kind of / if any firewall is running on the server?
Do you have IDS running on the server?

What ports do you have open?
0
Cyber-DudeCommented:
Sorry, just verified -  shahrial  gave already the OS and the server...

Hmmmm

Let me check on that one...

Cyber
0
cirusxxxAuthor Commented:
well guys the thing is that a company made me the site not me ,, am a hrdware expert not a web developer u know ,,, so i donno wt company hosted ma site :S and the hacker didnt contacted me ,,
0
Rich RumbleSecurity SamuraiCommented:
The only action for a hacked website when you have little experience with security, and or forensics is to rebuild from scratch. Back-up what you can of course... but you can't completetly trust the data backed up. A firewall, and then a proper audit of the web-page (not only the box, but the source code too) is the true way to prevent this in the future. If the box is with a ISP that is hosting this for you, they must rebuild a compromised box.

To see what I mean about the source code being insecure, check out  www.loginmatrix.com/hackme/
That was a superior tutourial on source code hacking
-rich
0
matthew1471Commented:
I think you can pass the blame here, contact your webhost, it's their problem ;-)

Oh and change your password
0
ahoffmannCommented:
>  I think you can pass the blame here, contact your webhost, it's their problem
depends ...
if you've any kind of dynamic content, then the website can be used to itself, that's not the problem of the hoster!
0
matthew1471Commented:
True dynamic content can be exploited to gain access... If the system is compromised, then it's up to the webhost to fix it... If Passwords have been compromised or the site has been used to launch attacks then change passwords and debug source code

Examine your web logs, but if the box is really *hacked* it's time to contact webhost technical support seen as I imagine you dont have access to the actual machine (More than likely the hacker got in through an open exploitable service) I'd be very surprised if they got in via script exploitation... or maybe just think of who you might have disclosed your password to
0
ahoffmannCommented:
poor *acker if you find something in the logs ;-)

> .. I'd be very surprised if they got in via script exploitation
hehe, most likely the simplest way today (no firewall or IPS wich disturbs:-))
0
matthew1471Commented:
>> .. I'd be very surprised if they got in via script exploitation
>hehe, most likely the simplest way today (no firewall or IPS wich disturbs:-))

well seen as most of the pages are all HTM and don't appear to be dynamic ;-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.