HELP!! My sites have been hacked and infected with malware!

[peterjmay]

Bluehost 6 of our websites and all of them except one has been hacked by some guy in russia and infected with malware. http: // www. churchnewspaper .com

I have spoken to bluehost who says we need to update our scripts which we are unable to do as we are not technically savvy. So thought id ask on here to see if anyone can help us out and also to explain in plain english....below is an email stating what we need to do....the problem is though. we dont understand it

Blue host says this:


Cloud: The programs that operate database-driven sites are vulnerable to hackers, who can (and do) exploit bugs in those programs to gain unauthorized access to your site. The best way to protect your websites is to keep them updated - the developers of these programs constantly look for vulnerabilities and release patches or updates. This is a very easy thing to keep up with for programs installed through Simple Scripts.

We can check for restore points on your account to see if it may be possible restore your site, but this does not always guarantee the sites are then clean nor does it close the original security holes through which the site was hacked. Because this is all 3rd party code, we cannot go through the account & secure it as we do not know what should & should not be on the account. However, we do also have a new service we are affiliated with called 'SiteLock'. This can be found in your CPANEL. It will scan your sites and then give you a REPORT of what is insecure. You can then use this information to close security holes in your content.

Also, there is http://www.wewatchyourwebsite.com/ who help with hacked sites.

Here are some additional ways you can harden your PHP scripts:

1. Set register_globals to OFF
2. Turn off Display Error/Warning Messages. Set error_display to ZERO
3. Never run unescaped queries.
4. Validate all user inputs. Items on Forms, in URLS and so on.
5. Move Config and files containing Passwords to mysql to a Secure directory outside of the public_html folder
6. Access Control, you don't want a user to have access to Admin function or Clean up scripts
7. htaccess is your friend use it to deny people (we also have a easy deny manager too in the cpanel)
8. PHP can parse any valid script, whether it is called foo.php, very_long_name.php.php.php, or even willeymtard.bat. Using the default extension of ".php" means that before your hackers start you have already told them you are using PHP. As mentioned, you can use any filename for your scripts - if you are using PHP for every script on your server, consider using the ".html" extension for your scripts and making PHP parse HTML files you can change your file extension by adding this line to the htaccess or turn it on via the add type handler in the cpanel (AddType application/x-httpd-php .php)
9. To protect against SQL injection attacks Sometimes hackers will try to screw up you database by inserting SQL code into your form input fields. They can for example, insert code that could delete all the data in your database!
Cloud:
To protect against this, you need to use this PHP function:
mysql_real_escape_string()
This function escapes (makes safe) any special characters in a string (programmers call text a 'string') for MySQL.
Example:
$name = $_REQUEST['name'];
$safe_name = mysql_real_escape_string($name);
Now you know the variable $safe_name, is safe to use with your SQL code.

10. Keep the PHP code to yourself. If anyone can see it they can exploit vulnerabilities. You should take care to store your PHP files and the necessary passwords to access your MySQL databases in protected files or folders. The easy way to do this is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server’s document root (and thus not accessible to surfers of your site), and refer to the file in your PHP code with a require_once command. By doing things this way, your PHP code can read the included file easily but hackers will find it almost impossible to hack your site.

You can find more information about hardening your PHP scripts at: http://phpsec.org/projects/guide/

[alemcherry]

If you are not technically savvy, only option is to hire a professional. Bluehost is a host, they won't be able to fix your scripts and it will take many hours / days / weeks for an expert, depending on the scripts you are using. My advice, get a pro from Elance. Also double check your local system and make sure that there are no trojens. Use more than one antivirus / tools.