My site has been hacked

Ya, you got hacked.

When you click their alias's you can email them. Either they are trying to prove they can exploit a security issue/weakness and be able to hack your site or they want you to email them for them to return your site to normal....for a price.

Suggest you contact your host.
 
change your passwords, make sure its something complex. Then email your host.

It's likely that if your host's website is down that they have a big problem. Do you have backups of your website?
 
Have you got backups? Can you FTP in to check they really didn't delete anything (read the page - says they just replaced the index pages)?
 
I hope my payment details are safe. There are so many hosting companies about, can you reccomendsome good ones in case integrahost dont come back?
 
blade007 said:
Cpanel exploit?
Click to expand...
There have been some nasty cPanel exploits recently, the latest being in September, but this doesn't seem like any of those - the ones I saw had very specific signatures, such as injecting code through iframes from certain sites, bragging about r00ting cPanel, etc - looks more like a server/root exploit or weak /bruteforce password:)
 
At least my emails are still working. Im not sure if they got into cpanel because no settings/password have been tampered with. Could this be done without using the cpanel password?
 
I'm not sure what to do. I can't send them emails because theydont get sent with a 'domain not found' error. Do I wait or look for a new host? My domain name was free with the package, so what are the chances of transfering it? When I signed up it said that I could buy the domain if I left but how can I if they dont come back?:(
 
yeah. it a nightmare getting hold of domain name that's not registered to you .. but it is yours.

had to go through this once (to take control of a client's domain, and the guy declared that he wouldn't bother ever again ... endless phonecalls, and emails .. for them to fill in appropriate paperwork with nominet.
 
I'm not an expert at HTML and all that jazz.... but I was curious about your hacked web page. Have you looked at the source at all? some interesting links in there... like these three:

http://www.9q9q.org/index.php?image=p7EVSrtVROml
http://members.lycos.co.uk/billy4max/M6roDe.ram
http://media.islamway.com/several/220/13.rm

First one goes to an Arabic site of some form. Can't read Arabic, so can't say much more.
The third one is a Islamic radio station. This is the music you are hearing.

But it is the second one that is most interesting. This one links to a tune that you do not get to hear, but go to the site, and it is wedged full of the guys hacking tools and exploit code. Be careful as there are viruses in there as well.

Only problem is that most of the code seems to be Russian, so a lot of the comments are Cyrillic text.

I assume that once his bot has cracked your site, code is then copied from this depository and dropped onto the hacked site. There are all kinds of tools on here - including password crackers. For anyone interested in how sites get hacked... this could be interesting. (I have just leeched the whole site for a bit of reading later.... :D)
 
There has been a lot of talk about Integrahost.com in the past couple of days. The word on the street is that the company has been bought out, although nobody seems to know who bought them. There has been no official word of the takeover, but all of their customers' sites are down and a lot of them are getting increasingly agitated – people have been trying to find correct contact details for the company, threats of legal action have been thrown around etc.

The general consensus is that Integrahost have always been an awful company, and this incident is the last straw for the majority of their customers. It seems most people are looking elsewhere for hosting, although it appears them registering your domain name in their name is not an isolated case. A few people are trying to contact them in a vain attempt to retrieve database backups, but otherwise I don't think anyone who posted in that thread sees much in Integrahost's future.

It's rather interesting that your site appears to remain online, mind you. Perhaps your site hasn't been hacked, and this is simply an issue with the Integrahost DNS servers? Running a traceroute on your domain name only reveals that it points to http://ns5.integrahost.com. That's rather peculiar...

*av
 
You must log in or register to reply here.
Back
Top Bottom