hacked by osm@n

[bjshea]

My front page (www.regularguycolumn.com) is gone due to this hacker. Anyone know how I can retore my geeklog front page now? Everything else seems intact.

[bjshea]

My site was hacked. It looks like onlt the geeklog index files were attacked.Does anyone know how I can get the code for those back so I can restore the files without having to do a site restore?

www.regularguycolumn.com

[dalmatiandigital]

I had this happen a while back to a site hosted elsewhere, and it was due to a PHP vulnerability on my site (I was running a stand-alone php calendar in it's own directory). Are you running php apps? If so, dig around and see if there are some new files that you didn't install/upload.

[nine]

did you not have a backup? btw check your logs - catching those clowns is always fun

[bjshea]

did you not have a backup? btw check your logs - catching those clowns is always fun

I do, but am on vacation and am looking for the easy way out.

I plan on doing that. They hack the bulletin board attached to my main page as well. Ugh.

[nine]

ah okay. yeah that's bad when this stuff happens and you're away...
good luck catching him tho!

[nicco]

i was surprised to see all the index.html replaced on my 5 domains by this osm@n character.
didnt do much else but replace these files... and i stuck an index.html files in every folder (that didnt have one) to redirect to my maindomain.com

i have no idea how they got in. i was told they brute forced their way in, buy my password was 10 characters with numbers, and lowercase&caps throughout.

if they did get into my account, how come they didnt delete all my files?
i think maybe it was a script that just changes the index files.

anything one can do to tighten things up?
thanks

nicco

[BearState]

I hope you changed your password.

I've changed mine a couple times now having just read this thread.

[nine]

anything one can do to tighten things up?

yes, read some security books so you can understand how they do it

Edit:
Here are some good ones. Try these:
http://www.amazon.com/gp/product/020...741721?ie=UTF8
http://www.amazon.com/gp/product/007...741721?ie=UTF8

[nicco]

thank for the links Nine..
i have a lot going on now, but i do need to read something like that.

and yes, Bearstate, i did change the password.
the thing is, now that i did, my geeklog site will not connect to mysql database because the password is incorrect. when i looked at it in one of the files, the password is scrambled. (i wonder if they can see this scrambled password and decode it?) now i have no clue what to put in that file to get the new password for my site in there and be scrambles.. GREAT!! (crap)

oh well. bye geeklog site for now. hmmmm, maybe i should back up my site now. i tried a while back, but never found the TAR file to download, nor did i get the email once the BU is done.
I'll do it the old way, via FTP and download all the files to a folder.
edited: now i found in the cpanel uner backup that it allows me to downlaod the file. i guess last time it had to create it? man i'm a mess.. time to call it a day. brain-fried.

if you know how to resolve the password issue, i'd appreciate a little help.
thanks guys.

nicco