Site was defaced

Smokey

My site got hacked, once more, Friday morning. I believe I know the culprit of how they managed to gain access to my entire hosting account. What I find absolutely troubling is that Hawkhost was too lazy to actually investigate matters further and instead told me to just simply start from scratch. I had my backups on my server in a non-accessible directory outside of public_html and downloaded them/deleted them regularly but they told me that they can't determine WHEN my files became 'infected' with malware and other backdoors/trojans. So they told me to basically just start fresh. So now here I am with a new Revillution as if I just started the site a day or two ago. It's really depressing because this also affects other things like Postloop, not to mention the fact that I've lost nearly 20k in posts and over 200 members. 🙁

I'm pretty disturbed over this fact and I've been looking for a new host to use as a back-up if this happens again.
 
Sorry to hear about your trouble, Smokey. They may not be able to tell when the infection started, but they can look at the last backup you or they have and try to find the issue and fix it, if that backup is infected.

The least they can do is try.
 
Hi, Smokey - It is very unlikely that they changed anything via your MySQL database. It is usually just the files that are affected. You can import your old database without fearing another attack.
 
This is bad news.

Bit off-topic but related:
Btw guys a backup of a project of mine keeps telling me that my file isn't often downloaded, as in there is something in it but when I scan it it says there is nothing in it of malicious content? °_°

It's annoying to dismiss that notice each time I take a backup of the project's files.

Anything I should look for in it? It's MyBB.
 
On one hand, I agree with you, they should definitely look into it. On the other hand, I understand why they are like that. Look at your server logs which are accessible through cPanel. You can upload a full backup, including your MySQL database as Shady pointed out. Since you're on MyBB, run a file verification test, which I believe is in the Tools & Maintenance tab. After that, look through all of your files to try to locate a shell. The server logs will help with that, you'll probably see one IP requesting a strange file a bunch of times in a row.

Good luck!
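
The log check suggested in the post above, as an added example that is not part of the original thread: it scans access-log lines for one IP requesting the same file many times in a row while few other clients ever touch that file. The Apache "combined" log format, the thresholds, the function names and the sample entries (including the file path) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" access-log line; the format is an assumption about the host's raw logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} '
)

def repeated_requests(lines, min_run=5, max_clients=2):
    """Return (ip, path, longest_run, distinct_clients) for files that one IP
    requested at least min_run times in a row and that few other clients touch."""
    clients = defaultdict(set)   # path -> IPs that ever requested it
    streak = {}                  # ip -> (path, length of its current run)
    best = defaultdict(int)      # (ip, path) -> longest run seen
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip malformed or truncated lines
        ip = m.group("ip")
        path = m.group("path").split("?", 1)[0]   # ignore the query string
        clients[path].add(ip)
        prev_path, n = streak.get(ip, (None, 0))
        n = n + 1 if path == prev_path else 1
        streak[ip] = (path, n)
        best[(ip, path)] = max(best[(ip, path)], n)
    hits = [(ip, path, run, len(clients[path]))
            for (ip, path), run in best.items()
            if run >= min_run and len(clients[path]) <= max_clients]
    return sorted(hits, key=lambda h: -h[2])

def _line(ip, method, path):
    # Constructed sample entry; timestamp, size and user agent are placeholders.
    return f'{ip} - - [01/Jan/2000:00:00:00 +0000] "{method} {path} HTTP/1.1" 200 512 "-" "-"'

# Constructed log: four visitors load the forum index, one of them keeps browsing,
# and one address posts repeatedly to a file nobody else requests (hypothetical path).
SAMPLE_LOG = (
    [_line(f"198.51.100.{i}", "GET", "/index.php") for i in range(1, 5)]
    + [_line("198.51.100.1", "GET", "/index.php?threads/1/") for _ in range(6)]
    + [_line("203.0.113.50", "POST", "/data/tmp/x.php?c=1") for _ in range(8)]
)

if __name__ == "__main__":
    for ip, path, run, n_clients in repeated_requests(SAMPLE_LOG):
        print(f"{ip} requested {path} {run}x in a row ({n_clients} client(s) total)")
```

To run it on a real log, pass the open file object in place of SAMPLE_LOG and tune min_run and max_clients to the site's normal traffic.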
 
Who said I was on MyBB? I'm not on MyBB, I'm using Xenforo...
 
My bad, I thought I read MyBB somewhere in this thread. Weird. Well the process is the same, Xenforo might have a tool for it too, I don't know.
 
pandaa said:
My bad, I thought I read MyBB somewhere in this thread. Weird. Well the process is the same, Xenforo might have a tool for it too, I don't know.
They do. Admin CP > Tools > File Health Check.

Not sure how it compares to MyBB's test or how thorough it is, never had to use it, but it does exist nonetheless.
 
Smokey said:
My site got hacked, once more, Friday morning. I believe I know the culprit of how they managed to gain access to my entire hosting account. What I find absolutely troubling is that Hawkhost was too lazy to actually investigate matters further and instead told me to just simply start from scratch. I had my backups on my server in a non-accessible directory outside of public_html and downloaded them/deleted them regularly but they told me that they can't determine WHEN my files became 'infected' with malware and other backdoors/trojans. So they told me to basically just start fresh. So now here I am with a new Revillution as if I just started the site a day or two ago. It's really depressing because this also affects other things like Postloop, not to mention the fact that I've lost nearly 20k in posts and over 200 members. 🙁

I'm pretty disturbed over this fact and I've been looking for a new host to use as a back-up if this happens again.
You should be able to use your database without being scared. Usually people place files in the public_html folder which leak information back to the culprit. Just delete ALL files in your hosting account and then upload Xenforo again and upload your database. You WILL have errors if you had addons and mods. Just simply add the files from the trusted downloads of the mods and then re-install them to solve the errors. Doing this will make sure your account is not infected.
 
Thanks for the tips guys but my co-admin wants to just start the site over completely, which is fine. We have some new plans for it so we'll finally be able to implement those. 🙂
 