Solved

Website Hacked by Persian Boys Hacking Team www.c2sfa.com

Posted on 2009-04-08
Last Modified: 2013-12-04
Dear Friends

Two hours ago our website c2sfa.com was hacked by Persian Boys Hacking Team, and right now it is displaying their message. Can you please help me understand how this happened, as I am completely clueless about it? Earlier we also found some hacking attempts against the website in our logs. It would be of great help to me if you could trace any security flaw that is in the website.

Thanking You in Advance

Dilip
0
Question by:dilipsjain
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 24197509
Fixed now?
0
 
LVL 20

Accepted Solution

by:
jdera earned 2000 total points
ID: 24275509
Your best bet for checking your website is to run HP WebInspect or IBM AppScan; both have trials. If you want something totally free, check out Paros Proxy.

0
 

Expert Comment

by:techboi7
ID: 24786007
What software are you using to host your website? IIS, for example?
Check the root of your website path (the default for IIS would be "C:\Inetpub\wwwroot") and then maybe a folder that you have the actual site installed in.

Anyway, check for files such as default.htm, default.html, index.htm, index.html, main.htm, main.html...
You should be able to right-click these files and then open them in Notepad. After opening them in Notepad, you may see the HTML code for the message that they have showing up on your site (or the files that they uploaded should show their HTML code).

Our site was just hacked and was showing a message by these guys.  Thankfully they weren't able to overwrite our main page file (index.php) but you may not have been so lucky.  All we did was delete the files they uploaded and our main index.php file loaded again by default in the web browser (we deleted the files after backing them up just in case we would need them again).

They got in through a hole in our IIS that allowed them to use the PUT command. Post a reply if you have any questions. I hope I wasn't confusing in my descriptions.
0
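A check that follows from the comment above, as an added example that is not part of the original thread: it reads an IIS W3C extended log and lists the PUT requests the server accepted, flagging those that target a default-document name. The log lines, IP addresses and the `find_uploads` name are constructed for illustration.

```python
# Default-document names listed in the comment above, plus its index.php.
DEFAULT_DOCS = {"default.htm", "default.html", "index.htm", "index.html",
                "main.htm", "main.html", "index.php"}

# Constructed sample log (documentation IP ranges, invented requests).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-04-08 09:00:01 192.0.2.10 GET /index.php 200
2009-04-08 09:02:13 203.0.113.7 PUT /test.txt 403
2009-04-08 09:02:20 203.0.113.7 PUT /index.html 201
2009-04-08 09:02:31 198.51.100.4 GET /index.html 200
""".splitlines()


def find_uploads(log_lines):
    """Return successful PUT requests found in an IIS W3C extended log."""
    fields, hits = [], []
    for raw in log_lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS lets the admin choose the logged fields and their order,
            # so column positions come from the directive, not a fixed index.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        rec = dict(zip(fields, values))
        status = rec.get("sc-status", "")
        if rec.get("cs-method", "").upper() != "PUT":
            continue
        if not (status.isdigit() and status.startswith("2")):
            continue  # a rejected PUT (e.g. 403) wrote nothing to disk
        uri = rec.get("cs-uri-stem", "")
        hits.append({
            "time": f"{rec.get('date', '?')} {rec.get('time', '?')}",
            "client": rec.get("c-ip", "?"),
            "uri": uri,
            "status": int(status),
            # True when the upload replaced or shadowed a default document
            "default_doc": uri.rsplit("/", 1)[-1].lower() in DEFAULT_DOCS,
        })
    return hits


if __name__ == "__main__":
    for hit in find_uploads(SAMPLE_LOG):
        print(hit)
```

Any hit means the server accepted a write from that client; the listed files are the ones to back up and inspect before deleting, and the PUT permission is what needs to be turned off.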

Question has a verified solution.