Website Hacked

Slinky

I set up a small website for a friend a while ago. I updated it about 10 days ago. Just happened to check today and it looks like I've been hacked into.

>:(

Getting the following message:

This site is defaced!!
NeverEverNoSanity Webworm Generation 21

The whole site has disappeared (fortunately I have it on my local drive).

What should I do? I'm wary about attempting to re-upload it in case I get infected with something. I have to turn my firewall and anti-virus stuff off when I ftp anything.

maninblack_3

Firstly you need to speak to yoru hosting company.
Hopefully they should have logs of when this activity ocured.
Also you will need to know whether your password for uploading has simply been guessed or more likely some exploit against the type of server hosting your web site has been used. You then need to question what your host is doing about it. Try and find out what server is beign used, IIS on windows or apache on Linux etc
Have them remove the offending site, change your passwords and reload once they have given you confirmation it wont happen again.

maninblack

Slinky

Maninblack

Thanks for this info. I'll try and speak to the hosting company, although whether they will speak to me I dont know, as they supplied the information to my friend initially and she passed it on. She's not at all techy so heaven help us if they won't speak to me.

Any idea whether this is likely to be a problem with the hosting company, or could I have been hacked. It's extremely unlikely to have been a guess at the password as it is meaningless numbers and letters which the host provided.

maninblack_3

It will be down to what they use to host your site on.
I am guessing it will be IIS on windows but i could be wrong. Seems like it wont have been adequatley protected. If you give me th URL i can at least tell what it is running.
Were you running anything like CGI scripts or SQL databases on it?

maninblack

maninblack_3

Ok i've look ed a little further into this.
I shoudl have spotted it earlier as i am aware of it lol.
You were running some kind forum on the site that was running an older version of PHP and PHPBB.
It is a worm that look s for these vulnerable sites throguh google.
You will need and AV scan doing on your hosted server and you will need to update your Bulletin board with the lates versions of PHP that are not vulnerable

maninblack

alexj2002

You'll find more details here : http://forum.moneysavingexpert.com/cgi-bin/yabb/YaBB.cgi?board=Tech;action=display;num=1103663818

Symptoms and the full details of the worm.

Basically you should have upgraded to phpBB 2.0.11

Slinky

Ok i've look ed a little further into this.
I shoudl have spotted it earlier as i am aware of it lol.
You were running some kind forum on the site that was running an older version of PHP and PHPBB.
It is a worm that look s for these vulnerable sites throguh google.
You will need and AV scan doing on your hosted server and you will need to update your Bulletin board with the lates versions of PHP that are not vulnerable

maninblack

I'm not sure what has happened on this, as I wasn't running any sort of bulletin board (I'm not that clever!!).  It was merely around 4 pages of text and graphics, created in Dreamweaver, no use of CGI or SQL as far as I'm aware (I'm not particularly techy!).

The site is https://www.waywalks.co.uk

StrikeEagle

Whoever hosted your site must have had PHPBB enabled somewhere along the line.

culpepper

Im suprised you have to turn your firewall off when ftping with dreamweaver,I use dreamweaver to up my files with its ftp utility and can tell my firewall to allow it access.

wirm

Im suprised you have to turn your firewall off when ftping with dreamweaver,I use dreamweaver to up my files with its ftp utility and can tell my firewall to allow it access.

same here!