
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 560

our website is hacked what to do?

Hello all,
Our website: http://www.alamargroup.com/
How did this happen, and how can we restore our website?

The home page turned into some English and Arabic words, as follows:
Hacked By Ml7s HackerS

{ ¿¿¿¿ ¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿ ¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ }


DrZer0 ~ Ml7s HackerS


Email : X M 8@HoTmAiL.CoM

[Screen capture of the hacked site]
2 Solutions
You don't have any backups of your site?
Change all passwords associated with the hosting account. Use a combination of letters, numbers and punctuation if possible. Avoid names and words you would find in a dictionary.

Take note of the date and time the index file was modified. It will give you a clue as to what area of your server logs will help determine the vulnerability the hackers exploited.

Look for your original index file on the server. I have seen hackers actually be "nice" enough to move the original files and replace only the index page. If your original files are not there, restore from backup.

Look for directories that you did not create and are not part of your hosting account. Many times, scripts are installed in directories to process traffic through your server. If you find them, take note of the time they were created/modified before you delete them. Look in your access logs to see what was going on around that time.

If you have any third-party scripts running on your site, get them updated. If there are no updates, check and see if the script has a known issue by searching Google. If you created or had the script created, check it for vulnerabilities.

As quickly as you can, remove the hacked message. Upload a new index page that says your site is down for maintenance.
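The timestamp correlation described in the answer above, as an added example that is not part of any post in this thread: it takes the defaced index file's modification time, lists other files changed around it, and pulls the access-log requests from the same window. It assumes W3C extended logs (the IIS default); the sample log lines, paths and function names are constructed for illustration.

```python
import os
from datetime import datetime, timedelta, timezone

# Constructed sample in W3C extended log format; not taken from the page.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-03-01 09:15:02 198.51.100.7 GET /index.html 200
2011-03-02 02:41:10 203.0.113.9 POST /upload/form.asp 200
2011-03-02 02:43:55 203.0.113.9 GET /upload/x.asp 200
2011-03-02 02:44:30 203.0.113.9 GET /index.html 200
2011-03-03 11:00:00 198.51.100.7 GET /index.html 200
"""

def defacement_time(index_path):
    """Modification time of the replaced index file, as an aware UTC datetime."""
    return datetime.fromtimestamp(os.stat(index_path).st_mtime, tz=timezone.utc)

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # W3C extended logs record date and time in UTC.
            stamp = datetime.strptime(row["date"] + " " + row["time"],
                                      "%Y-%m-%d %H:%M:%S")
            row["ts"] = stamp.replace(tzinfo=timezone.utc)
            yield row

def requests_near(text, when, minutes=30):
    """Log entries within +/- `minutes` of `when` (an aware datetime)."""
    delta = timedelta(minutes=minutes)
    return [r for r in parse_w3c(text) if abs(r["ts"] - when) <= delta]

def files_changed_near(root, when, minutes=30):
    """Paths under `root` whose mtime is within +/- `minutes` of `when`."""
    lo = when.timestamp() - minutes * 60
    hi = when.timestamp() + minutes * 60
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if lo <= os.stat(path).st_mtime <= hi:
                hits.append(path)
    return sorted(hits)
```

File modification times can be reset by whoever changed the files, so treat the window as a lead for where to read the logs, not as proof of when the intrusion happened.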

Run Windows Update on this server and make sure that all local admin accounts have a password.

Run Windows Update again after running it, as some updates do not apply until OTHER updates are in.

Make sure you are on the latest SERVICE PACK.

This hack most likely came in through a buffer overflow of a known exploit, unless you had null admin passwords.

Hello, if you are paranoid enough, set up a new server and restore the site from backups - hopefully your Web server is not also your infrastructure server! Change all passwords related to the server! Leave the hacked server running and take a snapshot of the whole system, since you need something you can examine (search for anomalies, review logs and manipulated files), or, if your company is wealthy enough, something to send to a security company. If possible, you could also take a snapshot of RAM if you did not reboot yet. But the examination by a security company can easily cost thousands of $. Think of a Web application security firewall like here: http://www.astaro.com/solutions/web-application-security .
And of course search for the weakness of the website through which the hackers could break in.

You don't need to worry about it. Looks like an FTP account was hacked.
If you are using a control panel, ask the vendor to update the software.

If you are not using a control panel, secure your FTP.
The best idea would be to use a third-party secure FTP rather than Windows.

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
