my website has been hacked

natashamcdonald
natashamcdonald used Ask the Experts™
on
Hi

My website www.beaufieldmews.com has been hacked and now most of the links in the menu are gone there are only 2 left.  Also an email was sent from the infor address to all the subscribers it wasnt sent by us it was the hacker the email said
Dear Natasha McDonald,

Ubuntux.

To unsubscribe click here

http://www.beaufieldmews.com/index.php?confirmation&action=unsubscribe&id=UTFVZwEz 

Sincerely,

The Beaufield Mews

 can someone help me get rid of this.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sudaraka WijesingheWeb Application Programmer

Commented:
Do you have access to your server or the hosting account? If so, I suggest you change your access credentials immediately and restore the web site from a backup.
If you don't have access to the server you may try to get the access back by contacting your service provider. You will need to prove that you are the legitimate owner of the web site.
Darude1234IT Employee (Developer & Helpdesk)

Commented:
Also after the actions above, check your website for security leaks else the hacker can strike again.
Who is hosting the account?

When was the last valid change you made to the site?

Can you request that the hosting company restore the site from a backup?

Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
And when you have the website back, find a new webhost with better security.
yodercm: I'll bet it's more the users weak passwords, not using SFTP and SSH for changes. Get your passwords at grc.com/password

Commented:
there is no database usage from your site, its not by sql injection, i doubt it was password weak or leak by backdoor from your pc.
Google reconnaissance shows http://www.beaufieldmews.com/admin/index.php -- it's possible the attacker gained access here using weak passwords (or via ftp.beaufieldmews.com)

Author

Commented:
Hi Thanks for all you comments i have reloaded the files from my laptop but it hasnt got rid of the problem i dont know how to get rid of this can anyone help me?
What are you trying to get rid of?  If the site is backed by a database (which most modern sites are), then it could be that something has been changed in the database itself: reloading old PHP/config files won't do much; instead you'll have to reload an old copy of the database itself.

Once something has been sent via email, it is a safe bet that they'll be archived forever by something.  Also, once the subscriber list has been taken, there's not much that can be done: if the "hacker" is smart, they'll save it somewhere instead of relying on continued access to the site/database to retrieve it.
Are you SURE you got your copy uploaded? I have a feeling that the website index.php may have had it's rights changed. I'd first try to erase the website version, then upload yours.

The html source only had the two links. This could be because of something in your php code. If it doesn't get fixed, post you php code here for review.
Sudaraka WijesingheWeb Application Programmer
Commented:
Please check and make sure the backup you restored from (on on your laptop) was taken before the hacker attached the web site.
If you have any older backups which you are know for sure that is from before the hack.

Maybe try to bring up the site on another server or on your laptop itself to make sure.
TolomirAdministrator
Top Expert 2005

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial