breach of my website

Hey folks first timer here.. In need of All your expertise, so don't hesitate to give your best shot, for at this point of frustration I'm all ears...

Just a quick background; I've owed my site for about 10 years, only with one major problem since, having the web builders stay around long enough so when I needed help they were around, well not so! This is this domains second site version since 1999, and they (web builder) are nowhere to be found either.

So now the problem: It seems that somehow, someone has hijacked my site.

When confronting my host (Godaddy.com) they mention of my password of that site in which they host was weak and someone was able to I guess break in.

So I went to my admin. account to see if I would be able to remove the scrip and all that stuff (see below) and guess what? My admin. account page was gone! all they left was that junk below...
Also all the other pages have a scripting, and the Home page has hidden script written and also a hidden icon Ask.com.....

So what can I do to get my controls back and what can I do to remove whom ever they are, and where are they on my computer?

I have small knowledge in this sort of stuff so be kind to me when suggesting to do this or that, I am not a Geek as you all are of which I respect now :)

Thx for any help you can give, in dire need... Heads/Tails

(from the Admin page)
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/sessions.php on line 73

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/sessions.php on line 73

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/general.php on line 128

EDIT: Removed malicious link

Edited by garmanma, 24 June 2009 - 05:48 PM.

I m stunned.. I actually stump all you geeks out there? I though this would be challenging but fixable for all you who love this stuff, and yet everyone is going after the easier stuff and staying away from this prob.. What's going on guys, come on! Challenge yourselves and help me out here....

Not everyone in this forum is used to working with servers, HTML code and whatnot
Those that are usually don't hang around here much
I will pass this along to some other people and see if we can get you some help

Edited by garmanma, 24 June 2009 - 07:22 PM.

First immediately change your godaddy password to something else.

Then connect via FTP and download the entire site. Then contact godaddy and explain the site was hacked and you would like to return your hosting account to defaults so that there is no content and everything is back to how it would be if you started a new account. You could just delete all of your files, but I cant tell you what files specifically are your content and godaddy folders.

Finally, you will need to go through each of your files and see if the html contains the scripts and clean it.

Just so you know, the hack does this:

The front page of your site has been hacked to show three links that go to pharmacy sites.

Then it uses php to download and show links from a site in germany for 3 porn sites.

Then it runs two javascripts to open iframes to two sites. Both of these sites are down.

The last thing it does is use some php to try and execute commands found at another site. The file containing the commands does not do anything at this time.

Thanks Grinler for the info; unfortunately not sure on how to download; (Then connect via FTP and download the entire site.)... And also ( Finally, you will need to go through each of your files and see if the html contains the scripts and clean it) how to step though the files...

I know I'm asking a lot but no webmaster and all in the past have been a disappointment in leaving me hanging, so have tried to do the best I can with the little I know.. thanks again for all your input... Heads/Tails

I alos want to thank garmanma for putting out the word in trying to get me help... I apreciate it very much... HeadsTails

Sorry we could not have been more helpful

Sorry for the delay. Lack of internet over the weekend

To FTP your data off, log into the Godaddy and select Hosting -> My Hosting Account. Then click on the Manage account link. This will launch the control panel.

Once in the control panel click on the Content tab and then the ftp client. This will load a java based ftp client that you can use to download your site. On the left pane select/create a folder on your local comptuer to download the data. In the right pane, click on item to select, and then click on the Control+A buton on your keyboard to select everything. Then click the << button to copy the files from your godaddy account to your local computer.

Once you do that we can continue cleaning the files.