Status
Not open for further replies.

Lottoplus

New Member
I have about 5 websites across various platforms with Hosting 365 and all have been hacked today!! First I thought it was just one but now I see it's all of them. I've sent support tickets to 365 but haven't received a reply yet so will ring them first thing in the morning.

Will it be possible to restore all the websites on one hosting package back to a day before? From what I can see all the configuration files have been hacked but haven't had time to investigate more closely.

I've checked the server where other people's sites are hosted and a lot of them have been hacked also.

Here's an example (not one of mine): http://irelandbulgaria.com/

Any other ideas of what I should do?
 

garycocs

New Member
Same happened to a WordPress one of mine recently. I kept on getting them to restore from backup but my mistake was I never knew when they actually hacked the site so I couldn't get a backup of before the hack.

Best thing you can do is check the cPanel for new email addresses and FTP usernames etc. Change the cPanel name. Remove all files (better to be pointing at nothing than pointing at a hack in my opinion) and then do a restore if you have the files or wait for a backup from 365 if you don't.

That's my 2 cents anyways.

One thing, I don't plug people but Lets Host - Irish Web Hosting, Website hosting provider based in Ireland were EXTREMELY quick at getting back to me when I noticed the hack and were very supportive during the whole thing.

Best of luck with it anyway.
 

mneylon

Administrator
Staff member
Is it a hack or more of the Gumblar stuff? i.e. uploaded files via FTP + changed .htaccess to redirect to other sites?
 

Lottoplus

New Member
> Is it a hack or more of the Gumblar stuff? i.e. uploaded files via FTP + changed .htaccess to redirect to other sites?

It's a hack. The configuration file has been deleted and replaced with the hackers call card. The back end is also hacked. All the files seem intact but I'm unsure about the databases yet.
 

link8r

New Member
Make sure you don't have your FTP information saved in ANY application (Firefox, IE, FTP apps etc).

Make sure folders don't have full public read/write/execute permissions where they don't need them.
 

Lottoplus

New Member
I rang 365 this morning and explained the situation and the operator took all the details and passed it on to the next department as they have to check everything first.

They will restore everything on my hosting package back to the 28th but at a charge of €60 + VAT, which would be fine but I've found at least 10 other websites on the same server that have been hacked in the same manner so to me it looks like their server was compromised. Granted some of my websites didn't have the up-to-date patches but I've asked them have they done anything to improve security on the server, to which I haven't received any response except to ask me which credit card to charge.

I'm afraid this could happen again tomorrow or next week and more money to hand over again. I will ask again if they have done anything to improve security on the servers before I renew my hosting as this will be up in a couple of months I will be looking for a new hosting provider as I don't think security is a top priority of Namesco 365.
 

garycocs

New Member
To be honest I'd move on, 60 euro for their mistake (or maybe yours or someone else on the server) is outrageous.
 

mneylon

Administrator
Staff member
> To be honest I'd move on, 60 euro for their mistake (or maybe yours or someone else on the server) is outrageous.

I'd have to disagree.

If the hosting provider was compromised, then, yes, they should clean it up, but if they weren't it's only reasonable that they should charge to pull files out of a backup and restore them.
 

garycocs

New Member
Ya I suppose that's fair enough if they weren't but if a few sites across the board got hacked then it's either some guy left a hole in his account and should get charged and the rest of them left off or it's the hosting provider.
 

Lottoplus

New Member
I've no problem with the charge if it’s my fault, but if the server was compromised as it appears to me to be, as not just one site was attacked but it looked like it went through every website on the server and attacked the websites that had configuration files. It just seems like a hard case to argue because the host can blame you for anything being the cause of the hack.
 
Alan

Guest
How much time would it take for the hosting company to retrieve the files realistically anyone know?

I think a charge is fair enough but should only be directed at the site owner where the original attack came in surely? And they still haven't told you where it came from?
 

muirsolus

New Member
Malicious Content notice from Google

Hi, I am new to this forum and found it when I did a search regarding Google notifying visitors to my website not to go there!!

I have spoken to support and they never suggested that it could be the hosting company problem. They advised to remove all files to do with the website and reupload the whole site. This was done earlier today and the website is up and running fine.

They also changed the password for ftp access.

After reloading the website via Google Webtools I requested a review and confirmed that Badware/Malware had been sorted.

Has anyone any advice on what I should do next as apparently it can take ages for Google to stop warning people that this website is dangerous.

Nothing shows up in Bing or Yahoo and my own computer containing the site is well protected.

All advice or information about any of this would be much appreciated.

Cheers.
 

michael.burton

New Member
Hi guys,

Same thing happened to me recently. All my sites were injected with an iframe containing a link back to domains ending in .tn

Trouble was that all the code from the iframe downwards was wiped so all my sites were non-functional.

This all started when I got a virus on my PC. It basically stole all my FTP passwords and sent them off to a bot that caused all the damage. Had to change ALL my FTP / cPanel passwords etc a real pain.

My hosting company refused to help saying that it was my fault for using insecure scripts, even though normal index.html files were infected as well.

Took ages to restore, rebuilt my PC and it's not happened since so looks like I'm all clear.

Just a warning to people with the same problem. As soon as this sort of thing happens change your FTP passwords and the bot will then be blocked. Also get a very good malware detection program on your PC as that's where the problem usually springs from.

Regards

Michael
 

Tom

Member
It took about two days for Google to remove the warning after I requested a review via webmaster tools. Make sure there's no htaccess jiggery pokery going on too. The site I cleaned had a htaccess file above the public_html folder that was redirecting search engine traffic. I didn't notice the redirect initially because I wasn't entering the site via a search engine.

Run your website through the free diagnose tool on Dasient Web Anti-Malware (WAM); it worked pretty well for me detecting the dodgy files and the redirects.

Also make sure you've got the latest versions of all your software installed, hackers try to find exploits in popular software such as acrobat reader/flash player etc.
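
An added example, not part of any post in this thread: a read-only Python check for the three symptoms described above (a `.htaccess` that redirects only search-engine visitors, iframes pointing at outside hosts, and world-writable folders). The regex heuristics, the `scan` function and the `own_hosts` parameter are assumptions made for this example, not a complete malware scanner.

```python
import os
import re
import stat

# Heuristics only (assumptions for this example).
# A rewrite condition keyed on the referrer or user agent ...
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I | re.M)
# ... combined with a rule that sends the visitor to an absolute external URL.
EXTERNAL_RULE = re.compile(
    r"^\s*(RewriteRule\s+\S+\s+https?://|Redirect(Match)?\s.*https?://)", re.I | re.M)
# An iframe whose src is an absolute URL; group 1 is the host name.
IFRAME = re.compile(rb"<iframe[^>]+src\s*=\s*[\"']?https?://([^/\"'\s>]+)", re.I)
WEB_EXT = (".html", ".htm", ".php", ".js")


def scan(root, own_hosts=()):
    """Walk root and return (finding, path) tuples.

    Start at the account home, not public_html: the redirecting
    .htaccess can sit one level above the web root.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", dirpath))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                if REFERER_COND.search(text) and EXTERNAL_RULE.search(text):
                    findings.append(("conditional-redirect", path))
            elif name.lower().endswith(WEB_EXT):
                with open(path, "rb") as fh:
                    data = fh.read()
                for host in IFRAME.findall(data):
                    host = host.decode("ascii", "replace").lower()
                    if host not in own_hosts:  # skip iframes you placed yourself
                        findings.append(("external-iframe:" + host, path))
    return findings


if __name__ == "__main__":
    import sys
    for kind, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{path}")
```

Run it against a downloaded copy of the account and review each hit by hand; a clean result does not prove the site is clean.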
 

Hsekhar

New Member
What CMS based sites are those (Wordpress, Joomla, Drupal etc)? It sucks to be in a position like that, especially those are your money making sites. These kind of threads remind me how important it is to update your sites (if CMS based) and to learn about the security of sites.
 
Hosting365

A friend of mine also had sites on Hosting365 that were hacked.

Make sure you remove ALL files from the sites - hackers try to hide code wherever they can which will continue to compromise your sites.

I feel sorry for anyone in this situation as you're usually too busy to do proper up to date backups and it's such a frustrating waste of time.
 
Alexa traffic rank info

BTW, forgot to mention: if you're using the Firefox plugin "SearchStatus" which displays PageRank and Alexa traffic rank info, you should make sure to disable this when you want to do a secure login.

This is because your login details (incl FTP) can be intercepted. Better safe than sorry ;)
 

immediate

Member
That is too bad. One of the main reasons for keeping backups is not actually for data loss but data degradation such as this.

Do you have any backups? You need to restore the most recent version to replace the hacked files.
 