PDA

View Full Version : website hacked


wmacquinn
02-18-2009, 10:58 PM
Okay so a website I am staff on is now hacked. it's finestbattles com. How do you stop this. I know the best way to stop a hacker is to know how they do it. Are there any good books out there someone would recommend to teach me what they do so I can block it. Or better yet, help me block it all together. Thanks in advance

14049752
02-18-2009, 11:52 PM
Do you run the server yourself or is it hosted somewhere?
If it's not hosted by you, you can start by having strong usernames and passwords.

If you host it on your own hardware, obviously the strong passwords still apply, but you need to check a lot more. Check to see what ports are open, if there are any that you don't use, fix them.
Make a list of all of the software you use (Apache, Wordpress, your OS, any remote admin software, etc) and then search for exploits, security patches and major updates. Make sure all of the passwords and admin defaults are changed. Set admin/remote access rights to only local users if you can.
That's just a very quick list to get you started. I'm sure others will have more.
Hosting your own site and keeping it secure is a tough job.

Simmy
02-18-2009, 11:53 PM
Have they taken the site down or have you done that until you sort out the problem? It would help to see what they have done and how your site is coded. When my site was hacked, it was the hosting companies fault as they had an outdated version of php that allowed sql code injection.

Changing your ftp/hosting password would be a good start. But essentially you should contact your hosting company (unless you host the site yourself?) as they should have access logs.

wmacquinn
02-19-2009, 12:07 AM
I dont host the site myself. Whoever hacke the site locked it down. When you clivk on it it goes to another sitr the one they are from. It is a rivalry kinda thing it seems. I just wish I could find ou how and who they are.

dhrandy
02-19-2009, 12:26 AM
I would just contact the host provider and then change all your usernames and passwords.

Jory
02-19-2009, 05:32 AM
Nobody will be able to help you because you didn't describe what is actually happening. I tried going to the site, but it seems to be down now. If the "hacker" did that you should probably check your DNS settings, and the email account linked to your registrar's account.

tartis
02-19-2009, 02:06 PM
Most of the hacks that I have seen are SQL injections while using MySQL and PHP. Make sure that you have all your patches if you are running Mambo, Wordpress, OSCommerce, or any other PHP and MySQL site. Make sure that you host has the latest version of PHP. Once it is fixed, make backups of your data so that you can recover quicker in times like these.

wmacquinn
02-20-2009, 05:41 PM
Problem fixed. Turns out the so called hacker was on staff for the site. He got an offer to go to another site and decided to mess with us before he left. We recovered with a backup from the day before and ip banned him. Just in case we have all staff routinely changing their password more often,

dhrandy
02-20-2009, 05:48 PM
Problem fixed. Turns out the so called hacker was on staff for the site. He got an offer to go to another site and decided to mess with us before he left. We recovered with a backup from the day before and ip banned him. Just in case we have all staff routinely changing their password more often,
Wow. That sucks.

Simmy
02-20-2009, 05:56 PM
What a little b***h. Glad to hear it's all sorted :) I would probably expect a months free hosting for that :p

Flyingbull
02-20-2009, 08:12 PM
What a little b***h. Glad to hear it's all sorted :) I would probably expect a months free hosting for that :p

Six, easy. That is a serious problem with security there. Shoot, if they accept Credit cards it might be a serious breach of PCI security.

l337
02-20-2009, 10:28 PM
EDIT: decided to remove this. just google stuff itll work