Solved

my website has been hacked

Posted on 2011-09-05
13
428 Views
Last Modified: 2013-11-16
Hi

My website www.beaufieldmews.com has been hacked and now most of the links in the menu are gone there are only 2 left.  Also an email was sent from the infor address to all the subscribers it wasnt sent by us it was the hacker the email said
Dear Natasha McDonald,

Ubuntux.

To unsubscribe click here

http://www.beaufieldmews.com/index.php?confirmation&action=unsubscribe&id=UTFVZwEz 

Sincerely,

The Beaufield Mews

 can someone help me get rid of this.

Thanks
0
Comment
Question by:natashamcdonald
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 18

Expert Comment

by:Sudaraka Wijesinghe
ID: 36486030
Do you have access to your server or the hosting account? If so, I suggest you change your access credentials immediately and restore the web site from a backup.
If you don't have access to the server you may try to get the access back by contacting your service provider. You will need to prove that you are the legitimate owner of the web site.
0
 
LVL 8

Expert Comment

by:Darude1234
ID: 36486098
Also after the actions above, check your website for security leaks else the hacker can strike again.
0
 
LVL 19

Expert Comment

by:Michael701
ID: 36486117
Who is hosting the account?

When was the last valid change you made to the site?

Can you request that the hosting company restore the site from a backup?

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 36486173
And when you have the website back, find a new webhost with better security.
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 250 total points
ID: 36486281
yodercm: I'll bet it's more the users weak passwords, not using SFTP and SSH for changes. Get your passwords at grc.com/password
0
 
LVL 7

Expert Comment

by:boon86
ID: 36486361
there is no database usage from your site, its not by sql injection, i doubt it was password weak or leak by backdoor from your pc.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 36486443
Google reconnaissance shows http://www.beaufieldmews.com/admin/index.php -- it's possible the attacker gained access here using weak passwords (or via ftp.beaufieldmews.com)

0
 

Author Comment

by:natashamcdonald
ID: 36489919
Hi Thanks for all you comments i have reloaded the files from my laptop but it hasnt got rid of the problem i dont know how to get rid of this can anyone help me?
0
 
LVL 9

Assisted Solution

by:crazedsanity
crazedsanity earned 125 total points
ID: 36490122
What are you trying to get rid of?  If the site is backed by a database (which most modern sites are), then it could be that something has been changed in the database itself: reloading old PHP/config files won't do much; instead you'll have to reload an old copy of the database itself.

Once something has been sent via email, it is a safe bet that they'll be archived forever by something.  Also, once the subscriber list has been taken, there's not much that can be done: if the "hacker" is smart, they'll save it somewhere instead of relying on continued access to the site/database to retrieve it.
0
 
LVL 19

Accepted Solution

by:
Michael701 earned 250 total points
ID: 36490255
Are you SURE you got your copy uploaded? I have a feeling that the website index.php may have had it's rights changed. I'd first try to erase the website version, then upload yours.

The html source only had the two links. This could be because of something in your php code. If it doesn't get fixed, post you php code here for review.
0
 
LVL 18

Assisted Solution

by:Sudaraka Wijesinghe
Sudaraka Wijesinghe earned 125 total points
ID: 36491070
Please check and make sure the backup you restored from (on on your laptop) was taken before the hacker attached the web site.
If you have any older backups which you are know for sure that is from before the hack.

Maybe try to bring up the site on another server or on your laptop itself to make sure.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 36902241
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question