HELP! ALL OF MY WEBSITES WERE HACKED!

[Nicotine]

every one of my sites on my nestico.com whm

PLEASE HELP ME
I am 20 years old hacker from east
europe
i am very ill and need money for
operation
thats why i defaced your webiste (as one of
many) - i hope you are not angry on me
even 1 USD is important for me ... please
donate me and/or tell your friends about be
also if you dont want to waste your money then
i can work and earn
but i need job - i am php/mysql programmist

if you want i can do every website in
php/mysql/dhtml technology
i just want to live - i dont want to
die
please help me
sorry for defacement - oryginal index file is
saved as index.old.yourindexfileextension

best regards
tiamak


if you want to help me please email at tiamak@anonymous.to for more details

[alexs]

Your index files we're replaced with his index file so either up load a new one and problem fixed. Or, if your index files are in php you'll have to go into your ftp account and delete the .html files.

Alex

[Ed]

Polite hacker, though. Saved the old index file. I deleted his 3 (.htm, .html, and .php) and restored the original one. Everything seems OK, but when I get home, I'll upload the whole site again to be sure. Also, change your passwords. May not make any difference if he came in a back door, but it never hurts. I thought my password was good (mixed characters, etc.), but apparently not good enough. Is there anything else we can do to secure our sites?

[CRySSiS]

Yes, make sure all scripts you run on your site are the most recent stable version.

Check on Google for things like "hacking [your script name here]". If anything comes up make sure it has nothing to do with the version you have. Also check the creater's site for any info they have on script security.

Don't give your password out, or anything else to that nature.

[Maven]

I just checked one of my friends accounts here, I have a reseller account here referred by him. He auto-installed Invision Board 1.1.2 on a site on his account. The version the auto installer ran for him is missing security patches. I updated his board, maybe someone should update the installer? The topic on their site is here:

http://forums.invisionpower.com/inde...howtopic=78454

Cheers

[Maven]

There's also a vulnerability in ipchat.php, that the auto installer puts on the server. He doesn't use the chat, so I just deleted it. Maybe you should update the auto installer, or remove ipchat.php from the install.

The invision topic is here:

http://forums.invisionpower.com/inde...howtopic=77376

Hope this helps

[Nicotine]

They hit every one of my sites, even ones that only have an index html page and one image and nothing else. No scripts, nothing.

It looks like the hacker found a backdoor into our server(s) and planted their index files in the root.

It looks like Hostgator went ahead and restored all of my original HTML files back to the originals, saving us the trouble of doing it ourselves.

Thanks HOSTGATOR for fixing it so quickly!! This is one of the reasons I chose Hostgator to host my sites. A+ service.

[GatorBrent]

The hacker took advantage of a newly discovered vulnerability. It has since been patched and the affected files restored. The hackers ip has also been banned from the server.


First security incident we've ever had it affected a single server.

[blutat2]

All my sites were hacked also. I only noticed when one of my customers pulled there site up today and there it was. Thanks Hostgator for the quick response.


Jack Beaman
SCSiteDesigns.com
MyAuctionsPlus.com

[CRySSiS]

Quote:

Originally Posted by Nicotine

They hit every one of my sites, even ones that only have an index html page and one image and nothing else. No scripts, nothing.

It looks like the hacker found a backdoor into our server(s) and planted their index files in the root.

It looks like Hostgator went ahead and restored all of my original HTML files back to the originals, saving us the trouble of doing it ourselves.

Thanks HOSTGATOR for fixing it so quickly!! This is one of the reasons I chose Hostgator to host my sites. A+ service.

All they have to do is get one site. Once they have that, they can do what ever they want.

[GatorBrent]

It was done using /tmp directory. They never had a single password, and got through using a customers insecure script.

He tried doing more damage but the server was secure enough from him being able to do much more then changing peoples indexes.

He's "hacked" 400 servers in two weeks time period including about 70k sites. We don't have 400 servers =)
Only porsche was affected till we ran the fix , patched the exploit (tmp),

We are working on getting horde and file manager to be exlclude but this might take a few days.

[taylorcrowe]

Hi I'm new to Gator as well. But for the past four days I have had no problems uploading my site to your servers. Then today for no reason at all I cannot upload a single file or html using Dreamweaver, not sure if its because you were hacked or not, but another Gator member told me (make that two) that they cannot upload using dreamweaver as well. I need to know if the hacking is what caused the problem and if there is a fix. I unfortunately do not know how to use any other ftp's to upload my site. And Dreamweaver for me is userfriendly. Any help with this would be appreciated. Thanks again.

[GatorBrent]

No has nothing to do with it. Dreamweavers FTP works the same as any other ftp so if you can't connect something isn't configured right.

[/url]http://www.demodemo.com/tutorials_dreamweaver.htmlhttp://<br /> Go there to watch a m...f all problemshttp://www.demodemo.com/tutorials_dreamweaver.html