All of my site has been hacked, please help me

jamesalan

Member
Jun 27, 2011
Hi, all of my sites that are hosted on cPanel have been hacked. I have some WordPress and Joomla sites on the server, and the hacker hacked all of the sites by deleting all the files and folders on my server and placing one index.html file that shows "Hacked By Harde2008 - Kurdish HackerZ".


I already informed my hosting server about it, but a few hours after they recovered my sites, the sites were hacked again. I am really feeling worried. I see some suspicious files on my server, like a harde.php file in the root and in some inner files.

Please inform me how to get rid of this type of hacking and how to make my server more secure against further hacking.

Thanks
 

Infopro

Well-Known Member
May 20, 2003
Pennsylvania
cPanel Access Level
Root Administrator
I have some wordpress and joomla site on the...
You should make sure all of those sites are up to date with the latest versions, including ANY mods they use for them. Users don't like to bother updating when they think the site is working perfectly, or they want functionality a mod provides and don't bother to check for updates to it. That mindset can get a site destroyed quickly once the bad guys find it.
 

AunRaza

Member
Feb 4, 2011
There are some things you can do to ensure that it doesn't happen again. Immediately change the FTP password of your affected account to a stronger one. Make sure all passwords are a mix of alphanumeric characters and not a dictionary word. Check all vendor/developer sites for ALL web scripts/applications used in your account for any update, including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. In your control panel, activate the archive option for your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. Use SFTP instead of normal FTP to upload files to your account. Download all your web data locally and scan it using updated anti-virus software.
 

AunRaza

Member
Feb 4, 2011
First of all, be sure to change your password, and keep strong passwords. Download all your web data locally and scan it using updated anti-virus software. Ensure all your third-party scripts are on the latest stable releases, as such issues are more likely to occur with outdated versions. In your control panel, activate the archive option for your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, it's too late now, but you can archive the logs for future attacks.
 

Smaily

Well-Known Member
Sep 19, 2011
cPanel Access Level
Root Administrator
Most likely the config files where database access is written are all chmodded 777. I suggest you turn on suPHP from WHM and turn off suexec. Users who have vulnerable permissions will get an 'internal server error' message until they fix their permissions to be more secure. I noticed attacks too a few months ago on servers where I didn't have suPHP enabled.

Files you have get swapped too when you have 777 permissions. It's basically write rights for everyone.
 
Last edited:
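The permission problem described in the post above can be checked for directly. The following is an added example, not part of any post in this thread: a read-only audit of a web root for world-writable paths, exposed WordPress/Joomla config files, and recently changed PHP files. The function names, the sample tree, and the /home/USER/public_html path are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only permission audit of a web root. Changes nothing.

# Files and directories that any account on the server can write to (e.g. 777).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | LC_ALL=C sort
}

# WordPress/Joomla config files that "other" users can read or write.
# These hold the database credentials; the two names are the CMS defaults.
find_exposed_configs() {
    find "$1" -type f \( -name wp-config.php -o -name configuration.php \) \
        \( -perm -0004 -o -perm -0002 \) -print 2>/dev/null | LC_ALL=C sort
}

# PHP files modified in the last $2 days: candidates for dropped scripts.
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" -print 2>/dev/null | LC_ALL=C sort
}

# Build a small constructed tree so the audit can be tried safely.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site1/uploads" "$root/site2"
    echo '<?php // constructed sample' > "$root/site1/wp-config.php"
    echo '<?php // constructed sample' > "$root/site2/configuration.php"
    echo '<?php // constructed sample' > "$root/site1/index.php"
    echo '<?php // constructed sample' > "$root/site1/old.php"
    chmod 755 "$root" "$root/site1" "$root/site2"
    chmod 777 "$root/site1/uploads" "$root/site1/wp-config.php"
    chmod 600 "$root/site2/configuration.php"
    chmod 644 "$root/site1/index.php" "$root/site1/old.php"
    touch -t 201101010000 "$root/site1/old.php"   # old file, not "recent"
    echo "$root"
}

# Print all three reports for one web root; $2 is the look-back window in days.
audit_webroot() {
    echo "== World-writable paths ==";             find_world_writable "$1"
    echo "== Config files open to others ==";      find_exposed_configs "$1"
    echo "== PHP changed in last ${2:-7} days =="; find_recent_php "$1" "${2:-7}"
}

# Run against a directory given on the command line, e.g. /home/USER/public_html.
if [ -n "${1:-}" ]; then audit_webroot "$1" "${2:-7}"; fi
```

Anything listed under the first two headings is writable or readable by other accounts on the same server; the third list is a starting point for review alongside the archived raw access logs.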

jamesalan

Member
Jun 27, 2011
Sorry for the late reply, but now my server is fine. Actually, I uploaded some WordPress theme files which were supposed to be infected, and after that all of my sites were infected. I contacted my web hosting company and they recovered all of my sites.