
Thread: How to recover from hacked website?

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    2

    How to recover from hacked website?

    Hi,
    I'm new here... I was browsing around to look for articles that show how to increase website security. One of my friend's websites is being hacked and all "functionality" has been suspended by the hacker. Does anyone have any idea how the hacker might do this or how to recover from this? Do you know any tips to prevent this from happening again? Here is the website: www.umich.edu/~permias
    Thanks guys!

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's a php based BBS. Search Google for the exploits against the particular board and you will most likely find the way (s)he gets in.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Recovery is easy:
    Backup your important data
    Reinstall the server using original media
    Update everything.

    Prevention is also rather easy:
    Update your system on a regular basis!
    (this includes php-nuke!).

    How'd "they" come in?
    They probably exploited a recent sql-injection bug in php-nuke.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    What kind of OS are you running? Make sure when you back up you don't update some backdoor with it or some infected file, because after a break-in nothing in the system can be trusted, so be careful where you tread. Also review the logs if it's *nix, and get one of those forensic analyzers; it's meant for something in your position. Just google it, there are plenty of free ones out there. Updates, security and a watchful eye are all needed. Watch the logs for something that may be developing again, get some more security, an IDS (snort), and do some pen tests from home, such as after you're done locking down the server, scan it (nmap, gfi lan guard).
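
The check described in the post above, sketched as an added example that is not part of the original thread: before restoring a backup, compare it with a clean copy of the same software release so that altered files and extra server-executable files are reviewed instead of copied back. The directory layout, file names and extension list are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions the web server would execute; adjust for your stack.
EXECUTABLE_EXT = {".php", ".phtml", ".cgi", ".pl"}

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def review_backup(pristine_dir, backup_dir):
    """Compare a backup against a clean copy of the same release.

    modified:   shipped by the release, but the content differs
    added_code: not in the release and executable by the web server
    added_data: not in the release, not executable (uploads, images)
    """
    clean, backup = manifest(pristine_dir), manifest(backup_dir)
    report = {"modified": [], "added_code": [], "added_data": []}
    for path, digest in backup.items():
        if path in clean:
            if clean[path] != digest:
                report["modified"].append(path)
        elif Path(path).suffix.lower() in EXECUTABLE_EXT:
            report["added_code"].append(path)
        else:
            report["added_data"].append(path)
    return report

def demo():
    """Constructed sample trees standing in for a clean release and a site backup."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, backup = Path(tmp, "clean"), Path(tmp, "backup")
        for root in (clean, backup):
            (root / "modules").mkdir(parents=True)
            (root / "index.php").write_text("<?php include 'modules/forum.php';")
            (root / "modules/forum.php").write_text("<?php /* forum */")
        (backup / "modules/forum.php").write_text("<?php /* forum, altered */")
        (backup / "images").mkdir()
        (backup / "images/thumb.php").write_text("<?php /* not in release */")
        (backup / "images/logo.gif").write_bytes(b"GIF89a")
        return review_backup(clean, backup)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported as `modified` or `added_code` are replaced from the clean release or inspected by hand; only reviewed data goes back onto the rebuilt server.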

  5. #5
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    Thanks guys for all your great responses. I need to learn a lot! It's been a while since I "updated" my security knowledge... thanks for all your help.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why do I get the horrible feeling he will backup his site, reinstall the OS, put the site back there as it was and then wonder why the cracker comes straight back in?.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    Why do I get the horrible feeling
    Because that's why you're the Tiger Shark, and that's what you sit and wait for, each and every day.
    Unless of course AngelK is giving you a lesson in debating / arguments
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  8. #8
    Junior Member
    Join Date
    Nov 2004
    Posts
    1

    hm..

    Also.. don't and never trust people who want to "help" you. Just trust only yourself. Never leave backup discs unattended. Never throw old backup disks in the bin without first destroying them.
