Solved

my website has been hacked

Posted on 2011-09-05
13
410 Views
Last Modified: 2013-11-16
Hi

My website www.beaufieldmews.com has been hacked, and now most of the links in the menu are gone; there are only 2 left. Also, an email was sent from the info address to all the subscribers. It wasn't sent by us; it was the hacker. The email said:
Dear Natasha McDonald,

Ubuntux.

To unsubscribe click here

http://www.beaufieldmews.com/index.php?confirmation&action=unsubscribe&id=UTFVZwEz

Sincerely,

The Beaufield Mews

Can someone help me get rid of this?

Thanks
0
Question by:natashamcdonald
13 Comments
 
LVL 18

Expert Comment

by:Sudaraka Wijesinghe
ID: 36486030
Do you have access to your server or the hosting account? If so, I suggest you change your access credentials immediately and restore the web site from a backup.
If you don't have access to the server you may try to get the access back by contacting your service provider. You will need to prove that you are the legitimate owner of the web site.
0
 
LVL 8

Expert Comment

by:Darude1234
ID: 36486098
Also, after the actions above, check your website for security leaks, or else the hacker can strike again.
0
 
LVL 19

Expert Comment

by:Michael701
ID: 36486117
Who is hosting the account?

When was the last valid change you made to the site?

Can you request that the hosting company restore the site from a backup?

0
 
LVL 27

Expert Comment

by:yodercm
ID: 36486173
And when you have the website back, find a new webhost with better security.
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 250 total points
ID: 36486281
yodercm: I'll bet it's more the user's weak passwords, not using SFTP and SSH for changes. Get your passwords at grc.com/password
0
 
LVL 7

Expert Comment

by:boon86
ID: 36486361
There is no database usage from your site; it's not by SQL injection. I doubt it was a weak password or a leak by a backdoor from your PC.
0

 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 36486443
Google reconnaissance shows http://www.beaufieldmews.com/admin/index.php -- it's possible the attacker gained access here using weak passwords (or via ftp.beaufieldmews.com)

0
 

Author Comment

by:natashamcdonald
ID: 36489919
Hi, thanks for all your comments. I have reloaded the files from my laptop, but it hasn't got rid of the problem. I don't know how to get rid of this. Can anyone help me?
0
 
LVL 9

Assisted Solution

by:crazedsanity
crazedsanity earned 125 total points
ID: 36490122
What are you trying to get rid of?  If the site is backed by a database (which most modern sites are), then it could be that something has been changed in the database itself: reloading old PHP/config files won't do much; instead you'll have to reload an old copy of the database itself.

Once something has been sent via email, it is a safe bet that they'll be archived forever by something.  Also, once the subscriber list has been taken, there's not much that can be done: if the "hacker" is smart, they'll save it somewhere instead of relying on continued access to the site/database to retrieve it.
0
 
LVL 19

Accepted Solution

by:Michael701
Michael701 earned 250 total points
ID: 36490255
Are you SURE you got your copy uploaded? I have a feeling that the website index.php may have had its rights changed. I'd first try to erase the website version, then upload yours.

The HTML source only had the two links. This could be because of something in your PHP code. If it doesn't get fixed, post your PHP code here for review.
0
 
LVL 18

Assisted Solution

by:Sudaraka Wijesinghe
Sudaraka Wijesinghe earned 125 total points
ID: 36491070
Please check and make sure the backup you restored from (the one on your laptop) was taken before the hacker attacked the web site.
If you have any older backups which you know for sure are from before the hack.

Maybe try to bring up the site on another server or on your laptop itself to make sure.
0
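
One way to carry out the checks suggested in the last two answers (confirming the upload really replaced the server's files, and seeing exactly where the server copy departs from a backup known to predate the hack), as an added example that is not part of the original thread. It assumes both trees are available as local directories with file modes preserved; the directory names and sample files are constructed.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file's relative path to (SHA-256 of contents, permission bits)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            files[rel] = (digest, stat.S_IMODE(os.stat(full).st_mode))
    return files

def compare(known_good_dir, server_dir):
    """Report where the server copy departs from the known-good backup."""
    good, live = snapshot(known_good_dir), snapshot(server_dir)
    common = good.keys() & live.keys()
    return {
        "modified": sorted(p for p in common if good[p][0] != live[p][0]),
        "only_on_server": sorted(live.keys() - good.keys()),
        "missing_on_server": sorted(good.keys() - live.keys()),
        # No owner-write bit: an upload may silently fail to replace the file.
        "not_writable": sorted(p for p, (_, m) in live.items() if not m & stat.S_IWUSR),
    }

def write_tree(root, tree):
    for rel, text in tree.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

def demo():
    """Constructed sample: a backup and a server copy that differ in three ways."""
    base = tempfile.mkdtemp()
    good, live = os.path.join(base, "backup"), os.path.join(base, "server")
    write_tree(good, {"index.php": "menu: 5 links", "admin/index.php": "login", "style.css": "css"})
    write_tree(live, {"index.php": "menu: 2 links", "admin/index.php": "login", "extra.php": "unknown"})
    os.chmod(os.path.join(live, "index.php"), 0o444)  # rights changed on the live file
    return compare(good, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files listed under `only_on_server` deserve a manual look before anything is re-uploaded, and this comparison covers files only, not database contents.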
 
LVL 27

Expert Comment

by:Tolomir
ID: 36902241
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
