our website is hacked what to do?

Posted on 2011-05-02
Last Modified: 2012-05-11
Hello all
our website
how this happened and how can we restore our website

the home page turned into some English and Arabic words as follows
Hacked By Ml7s HackerS



DrZer0 ~ Ml7s HackerS


Email : X M 8@HoTmAiL.CoM

screencapture of the hacked site
Question by: samady2008
    LVL 8

    Expert Comment

    You don't have any backups of your site?
    LVL 6

    Accepted Solution

    Change all passwords associated with the hosting account. Use a combination of letters, numbers and punctuation if possible. Avoid names and words you would find in a dictionary.

    Take note of the date and time the index file was modified. It will give you a clue as to what area of your server logs will help determine the vulnerability the hackers exploited.

    Look for your original index file on the server. I have seen hackers actually be "nice" enough to move the original files and replace only the index page. If your original files are not there, restore from backup.

    Look for directories that you did not create and are not part of your hosting account. Many times, scripts are installed in directories to process traffic through your server. If you find them, take note of the time they were created/modified before you delete them. Look in your access logs to see what was going on around that time.

    If you have any third party scripts running on your site, get them updated. If there are no updates, check and see if the script has a known issue by searching Google. If you created or had the script created, check it for vulnerabilities.

    As quickly as you can, remove the hacked message. Upload a new index page that says your site is down for maintenance.
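
The log-correlation steps in the accepted answer (note when the index file changed, then read the access logs and look for unfamiliar files around that time), as an added example that is not part of the original thread. It assumes the server writes IIS W3C extended logs in UTC; the sample log lines, addresses and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Constructed sample in IIS W3C extended log format (times are UTC).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-05-01 09:12:40 198.51.100.7 GET /index.html 200
2011-05-02 03:14:02 203.0.113.50 POST /upload/form.asp 200
2011-05-02 03:15:10 203.0.113.50 PUT /index.html 201
2011-05-02 03:15:30 203.0.113.50 GET /index.html 200
2011-05-02 11:00:00 198.51.100.7 GET /index.html 200
"""
WRITE_METHODS = {"POST", "PUT", "DELETE", "MOVE", "COPY", "MKCOL"}

def index_mtime(path):
    """Last-modified time of the defaced file as an aware UTC datetime."""
    return datetime.fromtimestamp(Path(path).stat().st_mtime, tz=timezone.utc)

def parse_w3c(text):
    """Yield one dict per request, using the columns named by #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            stamp = f"{row['date']} {row['time']}"
            row["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            yield row

def requests_near(rows, modified, minutes=30):
    """Requests within +/- minutes of the change, write-type methods first."""
    window = timedelta(minutes=minutes)
    hits = [r for r in rows if abs(r["ts"] - modified) <= window]
    return sorted(hits, key=lambda r: (r["cs-method"] not in WRITE_METHODS, r["ts"]))

def files_changed_near(root, modified, minutes=30):
    """Files and directories under root whose mtime falls in the same window."""
    window = timedelta(minutes=minutes)
    return sorted(p for p in Path(root).rglob("*")
                  if abs(index_mtime(p) - modified) <= window)

if __name__ == "__main__":
    # Hypothetical modification time; on a real host use index_mtime(<path to index file>).
    modified = datetime(2011, 5, 2, 3, 15, 10, tzinfo=timezone.utc)
    for r in requests_near(parse_w3c(SAMPLE_LOG), modified):
        print(r["ts"], r["c-ip"], r["cs-method"], r["cs-uri-stem"], r["sc-status"])
```

File modification times can be changed by whoever had write access, so treat the window as a starting point and widen it if the nearby requests explain nothing.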

    LVL 5

    Expert Comment

    Run Windows Update on this server and make sure that all local admin accounts have a password.

    Run Windows Update again after running it, as some updates do not apply until OTHER updates are in.

    Make sure you are on the latest SERVICE PACK.

    This hack most likely came in through a buffer overflow of a known exploit, unless you had null admin passwords.
    LVL 6

    Assisted Solution

    Hello, if you are paranoid enough, set up a new server and restore the site from backups - hopefully your Web server is not also your infrastructure server! Change all passwords related to the server! Leave the hacked server running and take a snapshot of the whole system, since you need something you can examine (search for anomalies, review logs and manipulated files), or, if your company is wealthy enough, send the snapshot to a security company. If possible you could also take a snapshot of RAM if you did not reboot yet. But the examination by a security company can easily cost thousands of $. Think of a Web application security firewall like here: .
    And of course search for the weakness in the website through which the hackers could break in.

    LVL 4

    Expert Comment

    You don't need to worry about it. Looks like an FTP account was hacked.
    If you are using a control panel, ask the vendor to update the software.

    If you are not using a control panel, secure your FTP.
    The best idea would be to use a third-party secure FTP rather than Windows.

    LVL 27

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
