our website is hacked what to do?

Hell all
our website http://www.alamargroup.com/
how this happened and how can we restore our website

the home page turned into some English and Arabic words as follwos
Hacked By Ml7s HackerS

{ ¿¿¿¿ ¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿ ¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ }


DrZer0 ~ Ml7s HackerS


Email : X M 8@HoTmAiL.CoM  screencapture of the hacked site
Who is Participating?
austinstaceConnect With a Mentor Commented:
Change all passwords associated with the hosting account. Use a combination of letters, numbers and punctuation if possible. Avoid names and words you would find in a dictionary.

Take note of the date and time the index file was modified. It will give you a clue as to what area of your server logs will help determine the vulnerability the hackers exploited.

Look for your original index file on the server. I have seen hackers actually be "nice" enough to move the original files and replace only the index page. If your original files are not there, restore from backup.

Look for directories that you did not create and are not part of your hosting account. Many times, scripts are installed in directories to process traffic through your server. If you find them, take note of the time they were created/modified before you delete them. Look in your access logs to see what was going on around that time.

If you have any third party scripts running on your site, get them updated. If there are no updates, check and see if the script has a known issue by searching google.  If you created or had the script created, check it for vulnerabilities.

As quickly as you can, remove the hacked message. Upload a new index page that says your site is down for maintenance.

You don't have any backups of your site?
Run Windows Update on this server and make sure that all local admin accounts have a password.

Run Windows update again after running it, as some updates do not apply until OTHER udpates are in.

make sure you are on the latest SERVICE PACK.

This hack most likely came in through a buffer overflow of a known exploit, unless you had null admin passwords.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

JelcinConnect With a Mentor Commented:
Hello, if you are paranoid enough setup a new server and restore the site from backups - hopefully you Web server is not also you infrastructure server!. Change all passwords related to the server!. Leave the hacked server running and take a snapshot of the whole System. Since you need something to you can examin ( search for anomalies , review logs, and manipulated files) or if you are company is wealthy enaugh to send the snapshot to a security company. If possible you could also take a snapshot of RAM if you did not reboot yet. But the examination of a security company can easily cost thousands of $. Think of a Web application security Firewall like here: http://www.astaro.com/solutions/web-application-security .
And of course search for the weakness of the Website the hackers could break in.

you dont need to worry about it. looks like a ftp account hacked.
if you are using a control panel. ask the vendor to update the software.

If you are not using a control panel. secure your ftp.
best idea would be to use a thirdparty secureftp rather than windows.

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.