Anyone else got hacked lately?

AmjadA

Guppy
I have a web site that has been with Jodohost for at least 3 years. I never had a hacking problem before, but this year I got hacked twice: the first time was around the end of March and the second around the beginning of July.

Both times the only thing that was hacked was the index page, which was changed; nothing else was changed or deleted, which tells me it is kids' stuff (but it is a hack).

Jodohost told me in an email: "Server is secure and working fine. Only your domain has hacked. It looks some code loop in your domain. No other domain on server had hacked." My question is: what kind of code replaces my index page with one that displays the text "Admin horror" or displays a graphic that belongs to an organization which tells you why your site was hacked?

If anyone knows what kind of code generates this, please share it with me. I am not buying this from the Jodohost support; they could have given me some other reason that is more believable.

Amjad
 
Hello Amjad,

We repeatedly have sent such as this; if you have a site based on any PHP, it is very likely the cause.

The biggest problem is some terrible programming allowing remote includes, meaning the include may be called like ?=http://www.sitename.com/includes/file.php. Well, this allows them to put ANY file as an include, and then your site is easy to hack, as they can include in a file editor, etc.

We can research and send you logs of it if you know the exact date/time of the last one. We typically try to do this when we restore a site, but if you do it yourself, it is very likely to happen again, as the same hole they used the first time is still there and will happen over and over.

If it is using a known app, it is very probable it was found using Google to look for certain pages on your site, then they hit it with a few regular holes in that page of X app.
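
The log review described in the post above, as an added example that is not part of the original thread and is not the host's own tooling: it scans access-log lines from the hours before a defacement for query values that are themselves absolute URLs, the remote-include pattern. The Apache-style log format, the function name, the sample lines and the incident time are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Assumed log format: Apache-style common/combined access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A query value that is itself an absolute URL matches the remote-include pattern.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_remote_includes(lines, incident_time, window_hours=24):
    """Return (time, ip, path, param, value, status) for each request in the
    window before incident_time whose query string carries a URL as a value."""
    start = incident_time - timedelta(hours=window_hours)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not start <= ts <= incident_time:
            continue
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append((ts, m["ip"], url.path, name, value, int(m["status"])))
    return hits

# Constructed sample lines (documentation addresses and example hosts only).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jul/2024:22:10:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Jul/2024:03:14:07 +0000] "GET /index.php?=http://www.sitename.example/includes/file.php HTTP/1.1" 200 1843',
    '203.0.113.7 - - [02/Jul/2024:03:15:30 +0000] "GET /view.php?file=http%3A%2F%2Ffiles.example.net%2Finc.txt HTTP/1.1" 404 310',
    '203.0.113.9 - - [20/Jun/2024:11:00:00 +0000] "GET /index.php?page=http://old.example.org/a.txt HTTP/1.1" 200 1843',
]
INCIDENT = datetime.strptime("02/Jul/2024:04:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")  # constructed

if __name__ == "__main__":
    for ts, ip, path, name, value, status in find_remote_includes(SAMPLE_LOG, INCIDENT):
        print(f"{ts.isoformat()} {ip} {path} param={name!r} -> {value} (HTTP {status})")
```

A hit is a lead to check against the page's code rather than proof of compromise, since a legitimate redirect or return parameter can also carry a URL. A hit answered with HTTP 200 on a script that passes the parameter to an include deserves the first look.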
 
Hi Stephen,

Thanks for the reply.

My site is ASP, not PHP, and it does not use the ? parameter.

Actually I created tickets for both incidents. The first time I waited to see what the support team would say, but it was late at night for me and I was not sure how long it would take to restore it, so I uploaded the saved index page to the root and went to sleep. The second time I replaced the index page and I made a ticket.

My post here is just to find out if it was only me (twice in 4 months) or if it happens to someone else; if it is happening with others, maybe this is an issue that needs to be addressed.

Thanks for the reply, Stephen.

Amjad
 
I was using PHP as an example; ASP has similar methods, mostly via insecure ASP uploads. If you can give an exact date/time and the site name to ticket or PM, I can tell you the reason. There is no server-side issue causing this, that I can promise you :)
 
I was using PHP as an example; ASP has similar methods, mostly via insecure ASP uploads. If you can give an exact date/time and the site name to ticket or PM, I can tell you the reason. There is no server-side issue causing this, that I can promise you :)

I sent you the information you requested, if you need more information just let me know. Thanks.
 