Hackers on my website

[misscoco]

Hi, first time poster here, hope I'm in the right thread topic!

I need some help here!

Yesterday morning a hacker somehow got into my index page of my website (www.hotrodmama.com) and changed it to their page. It said "Hacked by Warrior, everythingforTurkey". Thankfully I had a backup of my index page and uploaded it back into my ftp site and overwrote their coding. Everything seemed fine, I ran Norton on my website and it all checked out okay.

This morning I woke up, only to find that they had hacked it again. This time a different picture of a communist flag was on there, but the same wording "hacked by warrior", etc. Again, I overwrote their coding with my backup and it's all fine again. Also, I noticed that when I do a websearch for hotrodmama.com, the first thing that comes up is this 'hacked by warrior, everythingforTurkey" link. Only it links to my website.
I also did a websearch on the hacked by warrior, and hundreds of sites they hacked came up.


My site is my livelyhood for me and my 2 children. When it is not working, or if a customer tries to view my site and this hacker stuff is up there, I obviously don't make any sales. Also with the websearch on my site saying 'hacker', I am sure that that isn't good for my business either.

So my question, and I am VERY desperate, is if there is some sort of free html or script code I can enter on my index page so they can't hack it again? I am not very computer smart, but I did my site with basic html coding using homesite 5.0.


Any ideas on what I can do to prevent the hackers from doing more of the same damage, or any way to make it where I don't have to check my website every 5 minutes to make sure everything is running okay?



Thanks so much for listening to me vent!

Coco

[Maverick811]

Are you hosting the site yourself, on your own equipment or is your site hosted by a web hosting provider?

Sounds like the attacker is using a flaw in an unpatched server to gain access and 'own' the page...

[misscoco]

My server is www.isgcomm.com, been with them since 1998 and this si the first problem I have even encountered with them.

I changed my passwords on my ftp site and on my account page on isgcomm.com too. I wasn't sure if that had anything to do with anything.

[Maverick811]

Originally posted here by misscoco
My server is www.isgcomm.com, been with them since 1998 and this si the first problem I have even encountered with them.

I changed my passwords on my ftp site and on my account page on isgcomm.com too. I wasn't sure if that had anything to do with anything.

Changing your account passwords was my next suggestion, so I'm glad you did that. Now, let me ask you this, is it possible that the workstation you use to build and upload your webpages has been compromised? You said that you ran Norton on your website - do you mean your local PC? If your local PC has been compromised, it is possible that there is a keylogger running and sending information back to an attacker - if this was the case, then changing your passes, etc. would be useless because the new passes would be sent right back to the attacker.

Have you contacted your webhost and informed them of the issue yet?

[kr5kernel]

Also check if there are newer versions of any third party scripts you are using, things like shopping carts, phone book type things are often used as exploits.

For example the miscreant may have used a known exploit in a shopping cart php script that allows him to upload files to your directory on your webserver.

This guy seems pretty popular so I wouldnt take it personally...

Contact your web service provider as well and let them know, it could be something on their end that needs to be patched and is something they need to be informed of.

[zENGER]

I took a quick look at your site and it seems to be all html. This to me means that it probably isn't any of your code that is allowing the attacker to get in.

I'd take mavericks suggestions to check out everything on your end first so that you don't have egg on yoru face later. Then I would contact the hosting company and tell them they had an intrusion on their server and toss the ball in their court. Chances are you don't have access to much on the box that its hosted on and thus don't have much control over the security there. You are responsible for secure code and a secure password. The remaining security of the box is up to the hosting company. If they decide its not their problem, then I'd find a new hosting company.

[misscoco]

I just purchased the new homesite 5.0 program about 3 weeks ago, and I haven't updated my website for several months. My current computer was purchased in march of this year and I haven't added any new programs other than the homesite and my ftp pro uploading program. BUT, when I purchased the new ftp software and installed it, all of my old information was still on it from the previous version I had of it on my old computer. make sense?

When I ran Nortons, I did a complete scan on my computer and also on the saved html pages that I have in my ftp program. This computer has never had a virus, BUT my old computer died in march (I'm sure it could still be fixed, I just wanted a new computer) from what I believe was spyware (endless pop-up ads everywhere), I'm not sure though as I never had it checked out.

I sent 2 emails to my host, one yesterday, one today, neither have been responded to yet.


Thanks for listening to me babble!!

[Kthln01]

hopefully, if its a server-side issue, they will fix it quickly.

This being your livelihood, i'd hate for it to have a drastic effect on current and future clientele.

[misscoco]

That's what I'm hoping!! That it's the servers issue and not mine!!


I'm going to email my host again and see what's up over there.

[misscoco]

Oh, i forgot to add that my shopping cart is paypal. If that means anything!