Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Site Has Been Hacked, What To Do?


  • Please log in to reply
4 replies to this topic

#1 rubicond

rubicond

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 14 April 2006 - 09:18 AM

Hi,

I am running a sort of non-for profit information gateway, trying to help an oppressed ethnic group in Asia.

The message board at my site was hacked (when one tried to access it, in front of the message board appeared a page of a right wing ultra-nationalistic Turkish internet site). I alerted my host, and it restored my original message board, but I lost all the messages for April.

What can I do to make the people who hacked me pay, or at least have their site shut down? I don't expect compensation, but it would be great if they get a fine. I think that the Turkish site hacked me, since their homepage has message sent from other people, asking them to stop hacking their sites.

Is there anything I can do? To whom do I have to write?

Thank you very much!

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:23 PM

Posted 14 April 2006 - 11:20 AM

The only thing you can do is make sure you have adequate backups, and patch whatever hole they came through in the first place. There is nobody that is going to pursue a simple defacement. There are way bigger fish to fry, and limited resources.

There are tons of hacking groups, so if you don't even know for sure who it was, how are you going to know who to go after?

It's a harsh fact; You can try and complain, but the time would be better spent on preventing it from happening again.

#3 rubicond

rubicond
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 14 April 2006 - 08:14 PM

Thank you. It's sad that these people can get away with it.

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:23 PM

Posted 14 April 2006 - 08:23 PM

:thumbsup: Sad isn't quite the word I would use.. more like damned disgusting. :flowers:

#5 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 21 April 2006 - 10:00 AM

{/snip}post was deleted ? {/snip}
It takes some forensic work to discover how they got in. Review of server logs and all files in your public_html, etc... Usually takes a little time to figure out.

As far as preventive steps, it really depends on what you have on the server and what platform it is running. One of the biggest things to to make sure you have appropriate file permission set on your public web documents and folders. If all you have are HTML documents, read only is perfect and make sure your server has all it's security patched installed.

If you are using any dynamic scripting like php, asp or even cgi, that is where the preventive steps get a little more complicated and it starts with making sure the script itself is written with security in mind.

If you are running Apache, http://www.modsecurity.org/ is a really nice prophylactic against hack attempts.

Edited by ColdinCbus, 21 April 2006 - 10:01 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users