Sites hacked

two of my sites have been hacked repeatedly, and their index.php replaced with a "HACKED BY STOUNE" page. I have changed all my passwords repeatedly, and have found out that they have also hacked several other sites on the same shared IP address -- look here http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,stoune/

When you look up the dns info on each of those domains, it's all the same IP.

I'm not sure what's going on but as far as i'm concerned my passwords are pretty tough, using numbers and letters and file permissions are read only.

My ownly suspicion then is that WEB2 is somehow compromised or being targeted.

you can see the replaced (hacked) index page here

anyone else having this problem?
 
I don't see any other hacking complaints right now. But we'll give this a check.
99% of the times, a site is hacked due to some vulnerability in the script you are using.

Please open a ticket, we'll go through the logs and try to determine how you were hacked
 
Just as a note, we deal with "hacks" quite a bit and as Yash said, 99% of the time it is some software being used that is at fault for making the site easy to compromise.

Mambo, Joomla, phpBB, on asp size easyaspsite and some asp based site editors get hacked very very easily in their non updated forms. I am not saying this is all the software that can be hacked by any means but it is among the more popular.
 
ok so the problem has hopefully been resolved, it makes sense that all my file permissions were set wrong, having allowed malicious access to my site root. chmod 644... not 777.. of course.
-- i thought i had my permissions set right, i guess i missed some -- THINK AGAIN!

Thanks guys for the patient help!
 
Back
Top