Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Website hacked

  1. #1
    Join Date
    Jun 2007
    Posts
    5

    Default Website hacked

    Our website was hacked yesterday with a script that effected all our links. When you clicked on a link, it redirected you to linkbucks.com and ran an add for 30 seconds and redirected you back to our site. I have a couple of questions about this.

    1. How can I find out how or what vulnerability they exploited
    2. Can I find out who did it
    3. Am I better off going with a dedicated or VPS hosted solution.

    Any insite or help would be appreciated...Thank!

  2. #2
    Join Date
    Feb 2006
    Location
    Somewhere where I don't know where I am
    Posts
    2,154

    Default

    Quote Originally Posted by schwooba View Post
    1. How can I find out how or what vulnerability they exploited
    What software are you running? Any Plugins?
    Quote Originally Posted by schwooba View Post
    2. Can I find out who did it
    Probably not. You can look though your logs and get the IP address and report them to their ISP, but I doubt any thing would happen.
    Quote Originally Posted by schwooba View Post
    3. Am I better off going with a dedicated or VPS hosted solution.
    It wouldn't matter. If you run unsecure scripts you'll get hacked anywhere.
    Sign Up Now!
    Unlimited Storage, Unlimited Transfer, Host Unlimited domain names, 1 Free Domain Name
    BlueHost Features | BlueHost Help Desk | Become a BlueHost Affiliate | BlueHost CEO Blog
    (888) 401-4678 | Create a support ticket

  3. #3
    Join Date
    Feb 2006
    Posts
    627

    Default

    Find the ID number for the linkbucks link then report them to linkbucks abuse. That way whoever did it wont get paid ... it wont do much but it should make you feel a little bit better :)

  4. #4
    Join Date
    Jan 2008
    Posts
    17

    Default I've gotten hacked 3 times on Bluehost..

    and all my scripts are up to date.

    funny thing, I have exactly the same scripts running on 3 sites on another host, and none of them have ever been hacked. and if it was a keylogger, why haven't my other sites been hacked?

    anyway, schwooba, this is what I've learned to do.

    first, change the password to your site. If it is a keylogger, it won't matter how secure your scripts are if they can log into your site.

    2nd, if your site is fairly stable (you aren't changing scripts, or webpages).. look at the modification date on your files. Are there some that have been modified in the last few days? This has zeroed it in for me everytime.

    This last time was a similar hack to yours, in that when you went to my site, you got rerouted to an "antivirus site" that really isn't legit. What they hacked was the .htaccess file to reroute everything on my site.

    hopefully you have a backup you can use to replace the hacked files, or you can go in and manally fix them (I have done this).

    then.. when you are done and you think your site is ok, back up your databases, and back up your files, and save this on your pc.

    The problem is that the backup wizard doesn't work half the time.. so, you might have to compress your files manually. but the backup of any MySQL databases is pretty easy.

    If you take backups regularly, then.. you can always recover.

    but.. it is a real irritant, I agree.
    Lynne

  5. #5
    Join Date
    Feb 2006
    Location
    Somewhere where I don't know where I am
    Posts
    2,154

    Default

    Just because your scripts are up to date, doesn't mean that they are secure.

    Your site getting hacked has almost nothing to do with the hoster. The only thing that I can think of is that Bluehost is one of the largest shared host in the world, with over 1 millions domains company wide (BH,HM,FD). Chances are, the attackers are going to find your site at Bluehost.

    It's also not necessarily the hosters responsibility to make sure that your site doesn't get hacked. It's your responsibility to make sure that 1. your scripts are up to date, and 2. They are secure. You take a risk by installing 3rd party software on your account.
    Sign Up Now!
    Unlimited Storage, Unlimited Transfer, Host Unlimited domain names, 1 Free Domain Name
    BlueHost Features | BlueHost Help Desk | Become a BlueHost Affiliate | BlueHost CEO Blog
    (888) 401-4678 | Create a support ticket

  6. #6

    Default

    Quote Originally Posted by areidmtm View Post
    Your site getting hacked has almost nothing to do with the hoster.
    Are the 3rd party apps offered by bluehost via Simple Scripts secure and up-to-date?

  7. #7
    Join Date
    Feb 2006
    Location
    Somewhere where I don't know where I am
    Posts
    2,154

    Default

    Quote Originally Posted by String.Parse View Post
    Are the 3rd party apps offered by bluehost via Simple Scripts secure and up-to-date?
    Well that depends. If you install other third party plug ins then you're own your own. Simple Scripts is just a utility that installs the script for you. Weather or not the script is up to date and secure is another story. Simple Script will have their scripts updated faster then Fantastico, but to make sure you have the most recent version and all the security patches, you will have to go to the makers website.

    As I said, Simple Scripts is only a utility to install the script for you, it wont secure.

    If you're worried about security with 3rd party script, then it's best to just not use them at all. However, then isn't always practical with everyone is it. If you do install 3rd party scripts, then make sure its a trusted script and it's up to date straight from the makers with all available security patches and don't use any non-authorized plug ins.
    Last edited by areidmtm; 08-01-2008 at 08:53 PM.
    Sign Up Now!
    Unlimited Storage, Unlimited Transfer, Host Unlimited domain names, 1 Free Domain Name
    BlueHost Features | BlueHost Help Desk | Become a BlueHost Affiliate | BlueHost CEO Blog
    (888) 401-4678 | Create a support ticket

  8. #8
    Join Date
    Jan 2008
    Posts
    17

    Default

    Yes.. I looked at extcalendar a long time ago when I saw it in Simple Scripts.. dang, it was an orphaned project a while ago. The demo page gives you an error, you can't even get to the support forum.. I thought, nahhh.. don't want to mess with that. But, I can see where people would see this offered and not know.. think it was ok because, after all, it is on the BlueHost Cpanel.

    The thing that bothers me is that Fantastico, who Bluehost uses in advertising why they are better, does not necessarily install the most up-to-date secure script. When I looked at it a while ago.. I noticed that most of the few I looked at were out of date. I usually manually install, but I was curious about Fantastico after reading it about it in Bluehost advertising.

    I just looked at Fantisco now, and they offer to install Drupal 6.2. However Drupal 6.3 is the current version. reason? security fixes. Bluehost Fantastico will install phpbb 3.0.1. However phpbb 3.02 is the current, most secure release. Bluehost Fantastico will instantly install gallery 2.2.4 for you, but it is gallery 2.2.5 that is the most up-to-date secure versions.

    The thing is, I don't know whose fault it is that these "easy install" options are out of date, but if hosting services offer this as a sell point, then they should check to see if they are up-to-date.

    Here is one place where BlueHost specifically mentions their "auto install with Fantastico" as a selling point for their sites:

    Bluehost: View the Competition (why we are better)

    Extras

    HostGator
    HostGator provides Fantastico, which contains 35+ auto installations.

    Bluehost
    Bluehost offers Fantastico, an auto installation utility with over 35 scripts available for instant usability. A formmail script and several others are available as well.

    Why this Counts
    Extras are the whipped topping and cherries on a nice, cold sundae. They entail pre-made scripts that professional programmers have made available free of charge, so that you can have a good looking, functional website at the click of a button. Unfortunately, not all hosts are well equipped, so if you don't know exactly what you want yet, or how to program it, you'll want a host that can offer these extras.
    File Manager is also buggy. you think you've deleted something, and when you check, it is still there. No error given if there is a problem. Easy for a person to think they've done something... and not do it, and have no indication that they haven't. This could also cause security problems.
    Last edited by Lynne; 08-01-2008 at 11:21 PM.
    Lynne

  9. #9
    Join Date
    Apr 2008
    Location
    Morgan Hill, CA
    Posts
    1,038

    Default

    I have to wonder how long ago that helpdesk article was written. I suspect that it's rather old and out of date.

    Bluehost specifically developed SimpleScripts to overcome the time lag in getting security updates through Fantastico. Their current recommendation is to use SimpleScripts rather than Fantastico. (Eventually, it wouldn't surprise me if BH dropped Fantastico completely.)

  10. #10
    Join Date
    Jan 2008
    Posts
    17

    Default

    Simple Scripts is the one that has ExtCalendar. I don't know if ExtCalendar is even supported anymore. It looks dead as a doornail. Defunct.

    and.. I looked at my cpanel on another host (for another site). The versions for the programs I mentioned are up to date.

    so, I assume from that, that Blue Host must not have Fantastico up to date? (which isn't good since it installs so many scripts and is fairly well known).
    Lynne

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •