• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374
  • Last Modified:

my website is hacked

im in bbs school ( www.bbslebanon.org) the schools website is hacked and threatened to put nasty info and make a bad influence for my school .. and ias a student and IT in the school i need help to get the acess to the control panel of it please help!!
0
cirusxxx
Asked:
cirusxxx
  • 3
  • 2
  • 2
  • +6
3 Solutions
 
tonyteriCommented:
well, you need to have the username and password of the website as well,

You can access it 2 ways:

1) ftp.website.com (webiste is actual name)

2) www.website.com\cpanel or something like that

TT
0
 
PsiCopCommented:
Frankly, I wouldn't bother. The machine is compromised. Even if you get in and get control, you can never be certain, especially with Windoze, that you've plugged the hole they used, or that you haven't missed any backdoors they added.

Instead, wipe the machine and re-build it from scratch. Hopefully, you have your website content backed up elsewhere.

When you go to re-install, consider that almost any other OS is more secure/securable than Windoze. Look into NetWare, Linux, Solaris for x86, etc. You have an opportunity, if you choose to take it.

Even if you do stay with Windoze as your platform, try a more-secure webserver, like Apache.
0
 
shahrialCommented:
Well...this is the result of the query...

Server: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b
Last-Modified: Fri, 22 Oct 2004 09:57:45 GMT
ETag: "5003c-384-4178d999"

...leaving it to the other experts to assist...
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Cyber-DudeCommented:
What OS and WEB server you use?

Cyber
0
 
hgottfriedCommented:
My first question whould be, did the "hacker" contact you? Do you have the e-mail?
What kind of / if any firewall is running on the server?
Do you have IDS running on the server?

What ports do you have open?
0
 
Cyber-DudeCommented:
Sorry, just verified -  shahrial  gave already the OS and the server...

Hmmmm

Let me check on that one...

Cyber
0
 
cirusxxxAuthor Commented:
well guys the thing is that a company made me the site not me ,, am a hrdware expert not a web developer u know ,,, so i donno wt company hosted ma site :S and the hacker didnt contacted me ,,
0
 
Rich RumbleSecurity SamuraiCommented:
The only action for a hacked website when you have little experience with security, and or forensics is to rebuild from scratch. Back-up what you can of course... but you can't completetly trust the data backed up. A firewall, and then a proper audit of the web-page (not only the box, but the source code too) is the true way to prevent this in the future. If the box is with a ISP that is hosting this for you, they must rebuild a compromised box.

To see what I mean about the source code being insecure, check out  www.loginmatrix.com/hackme/
That was a superior tutourial on source code hacking
-rich
0
 
matthew1471Commented:
I think you can pass the blame here, contact your webhost, it's their problem ;-)

Oh and change your password
0
 
ahoffmannCommented:
>  I think you can pass the blame here, contact your webhost, it's their problem
depends ...
if you've any kind of dynamic content, then the website can be used to itself, that's not the problem of the hoster!
0
 
matthew1471Commented:
True dynamic content can be exploited to gain access... If the system is compromised, then it's up to the webhost to fix it... If Passwords have been compromised or the site has been used to launch attacks then change passwords and debug source code

Examine your web logs, but if the box is really *hacked* it's time to contact webhost technical support seen as I imagine you dont have access to the actual machine (More than likely the hacker got in through an open exploitable service) I'd be very surprised if they got in via script exploitation... or maybe just think of who you might have disclosed your password to
0
 
ahoffmannCommented:
poor *acker if you find something in the logs ;-)

> .. I'd be very surprised if they got in via script exploitation
hehe, most likely the simplest way today (no firewall or IPS wich disturbs:-))
0
 
matthew1471Commented:
>> .. I'd be very surprised if they got in via script exploitation
>hehe, most likely the simplest way today (no firewall or IPS wich disturbs:-))

well seen as most of the pages are all HTM and don't appear to be dynamic ;-)
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 3
  • 2
  • 2
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now