General Discussions

**coldturkey** · 09:33 PM

Okay - so how the **** can they do that?
I have had a site for selling mules (its my dads) and i went to it today to have a look at the guestbook and it comes up totaly different and has been hacked. I cant get into my cpanel either.
I have contacted my hosting company and ask them what is going on and how this could happen.
I dont understand how this can happen and are any of my other sites are risk!
The site is www.mulesspain.com

Im really anoyed now and would love if some one could tell me how this can happen and how i can stop it from happening in the future.
Thanks

**Learning Newbie** · 09-12-2007, 12:32 PM

Dunno, it's kind of impossible to say. Maybe someone guessed your password, maybe they exploited a Linux vulnerability.

**coldturkey** · 09-12-2007, 02:11 PM

Quote:

Originally Posted by Learning Newbie

Dunno, it's kind of impossible to say. Maybe someone guessed your password, maybe they exploited a Linux vulnerability.

That sucks, my hosting provider told me to up load my files again - Dur I cant get into the site to do that!
He said some people can hack though using PHP on a site, if it has any errors -thats stpid - i thought u couldnt see php whenu look at a site, and who would want a site to sell mules anyway! Totaly Mad!

**Learning Newbie** · 09-12-2007, 02:21 PM

They don't care about your mules. They're after your real estate, your ad space. Or just to show off. They'll attack whoever they can. Watch - I'll wind up being next.

Call your host on the phone, unless they have a chat, and tell them your account has been compromised, and either your password changed or your control panel altered somehow. Ask them to completely remove and rebuild your account, then you should be able to upload your files.

And if you do it quick, you can probably beat the search engines wrath.

**jim1228** · 09-12-2007, 09:34 PM

I am sure you are on a shared host. If this is so, make sure all your files/directories are chmod to secure permissions. Its easy for another hosted user on a shared host to do this if your permissions are not secure. Change any that are 777 to more secure permission.

**Giselle** · 09-14-2007, 12:36 AM

You have every right to be mad and upset Coldturkey! I am so sorry this has happened to you, why these people do it, who knows???? If they are capable of hacking into someone's online account, one would wonder why they don't do something more positive with their talents. I was in a graphic site yesterday which was hacked into, the hacker had their name plastered all over the front page.

Hopefully you will be operational real soon, best wishes and good luck to you!

**blackfalcon** · 09-14-2007, 03:11 AM

Quote:

Originally Posted by coldturkey

That sucks, my hosting provider told me to up load my files again - Dur I cant get into the site to do that!
He said some people can hack though using PHP on a site, if it has any errors -thats stpid - i thought u couldnt see php whenu look at a site, and who would want a site to sell mules anyway! Totaly Mad!

Hi ColdTurkey,

It actually is possible to attack a website using insecurely written PHP. SQL Injection, Misuse of variables, no variable filtering can all be part of the downfall. Either way I'm sorry to read when anyone gets hacked, hope things get better soon!

**SeemsOk** · 09-14-2007, 04:31 AM

Hey!
I think that you simple have to check your website for viruses and make backups more often.

**coolkbk585** · 09-16-2007, 11:27 PM

Well, one of the vulnerablilities would be your guest book.

If it doesn't have the right filters in it, they could upload PHP code right into your MySQL database, and the next time that the page is accessed it would run the script.

If you can get code to the server-side, you can pretty much screw up an entire webserver

If you still have access to your MySQL databases, or if you somehow do, then you should check and see if there is any PHP code hidden in there.

**swiftmed** · 09-23-2007, 06:43 PM

yeh i dunno if anybody you know knew your password, but 9 times out of 10 such attacks are done by people you know which knew your password. i now never tell my password to anybody. even my family dont know the password to my computer, or any of my online stuff!

**goheadtry** · 09-24-2007, 09:41 PM

Would it be because your password is so easy admin

**dansgalaxy** · 09-25-2007, 06:41 PM

i belive that is just to his guestbook. i have used that script before completely unsafe... you gbook has simple been spammed... i deleted some for you

Change the password on that. i dont think you have been hacked. Just ask you host to reset you cPanel password if you cant get in, and get a better Guestbook which uses a db and a better login system.
with captcha...

**dansgalaxy** · 09-25-2007, 06:43 PM

Ok, it isnt the gbook i was thinking of by the looks of it as it has (very very crappy) captcha system get a better guestbook