Hacked website sorted..........

[Big Sis..]

Just want to say a big thank you to Caroig, for letting me know my website had been hacked

But a really big thank you to John [Windy] for sorting it for me!!

[and wasting a Sunday Morning ].....

Thanks John youre a star

and another thanks to E Richard who offered his help as well.

Youre all great:) and what LMHat is all about

Thanks Muchly

[Wendy@NorthIdaho]

So sorry that happened! so nice that the forum members here are so helpful, great place!

How did you know your website had been hacked? not sure that I'd have a clue...

Wendy

[Big Sis..]

I didnt Wendy.... Coroig kindly sent me a pm letting me know.

Of course, then when I clicked on the warning came up from my antivirus programme

[Wendy@NorthIdaho]

Had they done anything to your website?

Wendy

[Big Sis..]

Well not permanently thank goodness:roll:
but as I know absolutely zilch about this sorta stuff .

Im just glad I know a man who does

[caroig]

Glad to be of help

[Windy]

The hackers has managed to get access to the htm files and had edited one of them.

Surprisingly they had only added some links to Viagra adverts as black hat SEO (the links were not visible to site visitors but were to serach bots so it took someone passing by with Mcaffee AV to get a warning and let BS know. )

My web hosts insist it is not a security vulnerability on my VPS but must have been caused by a brute force password crack. Anyway - all passwords now changed and all files (hopefullY) now back to normal.

The b*****ds (or some of their friends) also managed to change a .htaccess file a few weeks back with similar effects on another site I manage.

These sorts of attacks do seem to be getting more common. I just thank my lucky stars it wasn't one of the Wordpress sites I host as that would have been a ***** nightmare to sort out!

Amusingly the charming chap from Bangalore I was dealing with at my web host - Keanu I think he said his name was - wanted to remove all FTP access on my reseller account until I pointed out that people buying webhosting from me tend to expect to be able to put files on their own web sites

[Big Sis..]

Thanks again John appreciate you sorting it for me

Rosx

[Wendy@NorthIdaho]

Wow, that is all "greek" to me! I just hope no one does that to my site since I won't have a clue anything is even wrong no doubt. Good job with getting all that sorted out! Big Sis is lucky to have you both around.

Wendy

[Windy]

And a cautionary PS ....

Whilst I thought I had checked everything I managed to overlook a file in my root directory which is where my company website lives.

My company website was the first ever web site in the world to have specialiesed information on my area of expertise and I have had the Google #1 spot for a simple search on the term concerned since 1995!

Because some scrote had hacked my site and added links to viagr@ sites I got a warning from google yesterday that my site is scheduled do be sandboxed for 30 days. I made the required changes and resubmitted immediately, and my site is still in the top spot today, but you can probably imagine the panic. This isn't just vanity - I am currently working on a project that only came my way because the CEO found my web sites and called me. The potential financial impact is enormous, and it would be the same for any of your property web sites if it happened to you.

Make sure your passwords are suitably strong (I'm not sure they can ever be totally secure) and make sure things like WordPress installs are up to date (although there is always a fine line between up to date and bleeding edge here).

Any other suggestions as to how to secure this stuff without locking it down to an unuseable level welcome!

[e-richard]

Did they insert the links into all files or just the index.xxx file ?

Either way, assuming your critical website does not change very frequently, here is a simple hack (in addition to those you have already suggested):

Create a snapshot copy of your root directory in a subdirectory with a silly name (and possibly also passworded sub directory).
Then run a script(*) in the early hours of the morning that simply copies the files from the subdirectory over the files in your root directory. This will simply refresh the website back to its previous state if the spammers have added anything.



(*) If you have a Unix host, the script is a very simple shell script, and you'd run it each night as a cron job. My very helpful webhost support guys did all this for me, but for a different reason. In my case, I'm copying sql databases, but the principle is the same.

[Windy]

Just the index file Richard (as far as I can tell)

I like that idea and amy have to try to work it out with my webhost (who are the same as yours if I recall)

[Cotterdale]

This is dreadful I hope you got it all sorted out. i wouldn't know where to start.
I am still trying to figure out how to do a site map for google i keep trying but give up 1 and half years later still at it

[Cotterdale]

This is dreadful I hope you got it all sorted out. i wouldn't know where to start.
I am still trying to figure out how to do a site map for google i keep trying but give up 1 and half years later still at it