Email saying website hacked ? genuine - AAD Consumer Forum


  • #16
    Re: Email saying website hacked ? genuine

    Originally posted by rizzle
    lol. Suppose it would only make sense to anyone who has done some sort of code.
    Wonder if it's a "padding" div, or maybe a new HTML5 "figure" class

    I'm the forum administrator and I look after the theme & features, our volunteers & users and also look after any complaints or Data Protection queries that pass through the forum or main website. I am extremely busy so if you do contact me or need a reply to a forum post then use the email or PM features offered because I do miss things and get tied up for days at a time!

    If you spot any spammers, AE's, abusive or libellous posts or anything else that just doesn't feel right then please report them to me as soon as you spot them at: webmaster@all-about-debt.co.uk



    • #17
      Re: Email saying website hacked ? genuine

      More like HTML48



      • #18
        Re: Email saying website hacked ? genuine

        SHIT!!!!!!!!!
        Just had an email from my webspace provider...following on from this the hackers have been crawling all over my webspace secreting php files into my other domains and sending mass mailings. They locked it down today (unbeknownst to me) and I'm now in the process of going through every single flaming folder hunting the files down.



        • #19
          Re: Email saying website hacked ? genuine

          Bl00dy hell Shep the boogers!!
          "If wishes were horses, beggars would ride"



          • #20
            Re: Email saying website hacked ? genuine

            It's really worrying. It's a criminal gang and they say they'll try and come back.



            • #21
              Re: Email saying website hacked ? genuine

              empty threat usually....they'll move on and find another account you see



              • #22
                Re: Email saying website hacked ? genuine

                Blahhhh!
                All files found and nuked, passwords changed. Barstewards just stole 3 hours of my life.

                Dinner time...



                • #23
                  Re: Email saying website hacked ? genuine

                  Had files whizzing through my head all night!
                  This was one of the emails I got from my web provider:

                  malicious Software (malware) has been installed on your webspace representing a
                  severe threat to the security of both your private data and the visitors of
                  your websites!

                  One of the purposes of this malware is to spy out confidential data of any
                  visitor of your websites and forward it to the perpetrators. For your own
                  security and in order to prevent further harm, we have temporarily locked your
                  1&1 contract.

                  Right now, our security experts are investigating the attack and the nature of
                  the malware. We will get back to you and unlock your contract, as soon as we
                  received their results.

                  For the time being, we assume that your 1&1 webspace will be reconnected within
                  the next 12 to 24 hours.

                  We would appreciate your understanding for the necessity of this measure. Before
                  the lock, your 1&1 webspace presented an imminent danger for the rights and the
                  property of third parties. Your own data was also exposed to the arbitrary
                  access of the hackers. Last but not least, you were in danger of being held
                  liable for criminal actions resulting from the phishing. It is after these
                  considerations that we processed the lock.

                  It was the last 2 sentences that worried me!

                  The files I found & nuked included:
                  ali.zip
                  ../Ali/update.php both in the root of an html site
                  In wordpress:
                  wp-admin/includes/gamingaudio.php
                  wp-content/plugins:
                  84b51faa9d71add1407178aea0a2fd64.php
                  5b9c469c0d312a87bbb49941035d668b.php
                  5a220a099563f6389bd266dc3837f5b8.php
                  wp-rss.php
                  probot
                  7a5d94678ce789fb0024c3b945a9250f.php
                  c3b123fe391477d5003f0db959149342.php
                  .wp-rss.php
                  installer/s_code.php
                  themes/twentyten/languages/menu.php
                  themes/update.zip
                  themes/update/*
                  /js/tinymce/plugins/directionality/signup.php
                  /js/tinymce/utils/menu.php
                  /js/tinymce/utils/santander/*
                  /js/tinymce/utils/js.php
                  /wp-edit.php
                  /wp-test.php

                  Apparently they got in via "Timthumb"

                  Now there's no wordpress or any php files on there anymore except one which is for a flash based message box in an otherwise html site.

                  Although it's needed, I'm thinking I should maybe disable this...am I right in thinking it's potentially exploitable?

                  Shep x
                  Last edited by Undercover Elsa; 8 February 2012, 09:19.
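
One way to do the folder-by-folder hunt described in the post above, as an added example that is not part of the original thread: compare a downloaded copy of the webspace against a clean copy of the same release, and flag files that were changed or that resemble the kinds of names in the list (hash-like `.php` names, hidden `.php` files, stray PHP or zip files). The function names, the two-directory layout and the heuristics are assumptions made for illustration.

```python
import hashlib
import os
import re
import sys

HEX_NAME = re.compile(r"^[0-9a-f]{32}\.php$", re.I)  # hash-like name: 32 hex chars + .php
DROPPED = re.compile(r"\.(php|zip)$", re.I)           # file types found in the list above


def manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def audit(live_root, clean_root):
    """Return {relative path: reason} for files in live_root that need review."""
    clean, live = manifest(clean_root), manifest(live_root)
    findings = {}
    for rel, digest in sorted(live.items()):
        name = rel.rsplit("/", 1)[-1]
        if rel in clean:
            # Known file: only report it when its content differs from the clean copy.
            if clean[rel] != digest:
                findings[rel] = "modified"
        elif HEX_NAME.match(name):
            findings[rel] = "unexpected: hash-like PHP name"
        elif name.startswith(".") and name.lower().endswith(".php"):
            findings[rel] = "unexpected: hidden PHP file"
        elif DROPPED.search(name):
            findings[rel] = "unexpected: PHP or zip not in clean copy"
    return findings


if __name__ == "__main__":
    # Usage (assumed layout): python audit_webroot.py <live webroot copy> <clean release copy>
    for path, reason in audit(sys.argv[1], sys.argv[2]).items():
        print(f"{reason:45} {path}")
```

Legitimate additions such as `wp-config.php` or separately installed plugins also show up as unexpected, so the output is a review list rather than a delete list.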



                  • #24
                    Re: Email saying website hacked ? genuine

                    They used this to place the files then?

                    Attack Targets TinThumb Vulnerability | Malware Blog | Trend Micro
                    I'm an official AAD Moderator and also a volunteer, here to help make the forum run smoothly. Any views or opinions are mine and not the official line of AAD. Similarly, any advice I have offered you is done so on an informal basis, without prejudice or liability. If in doubt seek advice from a qualified insured professional - Find a Solicitor or go to the National Probono Centre.

                    If you spot an abusive or libellous post then please report it by Clicking Here. If you need to contact me, for instance if I've issued you a warning, moved, edited or deleted your post, please send me a message by clicking my username.



                    • #25
                      Re: Email saying website hacked ? genuine

                      Yep, according to one email I got from 1&1:
                      2. Required measures
                      ******************************************************************************
                      In order to reactivate your websites and re-establish the security of your 1&1
                      account, observe the following instructions.

                      2.1 Delete all aforementioned files. Note that hackers usually come back to a
                      webspace they exploited successfully.

                      2.2 Upload a more secure version of the following modules of your software:

                      - TimThumb

                      You will find further information on

                      http://code.google.com/p/timthumb/

                      2.3 Please urgently change your Administration Password to the indicated software.

                      2.4 Also check whether the hackers have changed the content of your data base.
                      Please look out for the following:
                      - Are there new users?
                      - Has malicious content been inserted to your data base?



                      • #26
                        Re: Email saying website hacked ? genuine

                        I write websites for clients as a side job, and use Opencart quite a lot for shopping based websites.

                        Usually the attack or hack occurs when a file included with the install is vulnerable to attack, mostly incorrect script formatting which allows a user to insert code to the page (injection).

                        This can result in new pages being added.

                        It's not normally a case of login details being hacked, most times they don't even need it.

                        It's always good to check the files on ftp relate to those that should be there, and delete any that shouldn't.

                        You can also check logs to see if you have been hacked.

                        And in some cases, it's your webhost that have been hacked, I've seen hundreds of hacked sites hosted by the same company because their security was lacking and gave them access to all domains.

                        You don't really need to reply to these emails that tell you you have been hacked, just check the info they gave and make any alterations that are needed to correct the issue.

                        You can also contact your host, and they will check their logs to see if they can find an IP address that doesn't relate to usual workings of the website, and hopefully, blacklist it.

                        1 and 1 in my experience are really rubbish at resolving anything, I stay well clear of them, as far as I know, they use virtual servers to host their domain names, always a bad way of doing things, as if they get compromised, every domain hosted on the same virtual server is open to attack.
                        Last edited by SXGuy; 8 February 2012, 10:58.


                        • #27
                          Re: Email saying website hacked ? genuine

                          Hmmm interesting!
                          I have to say though that on this occasion they were very good. Been with them since around 2002 and never had a problem with them.
                          I also have an account with Lunar Pages, who have been good too. They use Cpanel, and I get prompted any time wordpress or anything else needs updating, then it's all automated. 1&1 is a bit like a Moggy Traveller isn't it..very basic!



                          • #28
                            Re: Email saying website hacked ? genuine

                            I use a company called Agilityhoster for my webhosting, they charge around $5 a month for more than what a website would need.

                            They do allow automatic installation of wordpress etc, but they tend to not be updated as quickly as if you were to install manually direct from the official websites.

                            I also combine the webhost with another company I buy domain names from as you tend to find it's cheaper buying them from separate sources rather than all together.


                            • #29
                              Re: Email saying website hacked ? genuine

                              This was the exploit used:

                              http://www.exploit-db.com/exploits/17872/



                              • #30
                                Re: Email saying website hacked ? genuine

                                Hmm not sure either..I'll find out soon though as I'm overseeing a transfer for a pub site as the landlord has sold the pub.
                                Poor guy is hopeless with t'internet, and after giving me his 1&1 access details I found that the t**t who'd set his first site up (a pub regular) had signed him up for Microsoft Exchange in addition to the Business package...for a 2 page "business card" site. Costing him an extra £9.99 a month for something he didn't need, obviously to get a higher affiliate referral fee.

                                I've had it with wordpress, it's too tempting a target. I mostly only do favours for friends and family now so think I'll move everything to Lunar Pages, who have been brill.
                                Just got a good deal on a new central heating boiler though, in return for doing a site for the plumber
