The Community Forums

Interact with an entire community of cPanel & WHM users!

Website Hacked

Discussion in 'Data Protection' started by KenCo, Jul 13, 2007.

  1. KenCo

    KenCo Member

    Joined:
    Jul 30, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Hi guys, first post here.....let me start by saying I know nothing about website stuff but today Friday 13th I find my website has been hacked. I can't log in to cpanel or email.
    My website is:
    www.takingthepic.com
    I'd really appreciate any help or advice please.
    I did a search for hacked sites in this forum but being honest I don't understand any of the terminology.
    I have emailed and sent support request to Darken host (my provider) but as yet have had no response.
    Please help.
    TIA.
    Ken.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Contact me by private message and I will give you a hand with this issue ...

    The DNS server for your domain does resolve but is very poorly configured
    http://www.dnsreport.com/tools/dnsreport.ch?domain=takingthepic.com

    If I direct connect to the assigned IP of your shared hosting account,
    http://69.72.144.50/, I get the default Cpanel page which tells me
    the Apache server where your account is located is in fact working.

    The following is the raw connection info for your web site ...
    Code:
    Trying 69.72.144.50...
    Connected to takingthepic.com (69.72.144.50).
    Escape character is '^]'.
    GET http://www.takingthepic.com/
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>302 Found</TITLE>
    </HEAD><BODY>
    <H1>Found</H1>
    The document has moved <A HREF="http://server227.server-center.net/suspended.page/">here</A>.<P>
    <HR>
    <ADDRESS>Apache/1.3.37 Server at www.takingthepic.com Port 80</ADDRESS>
    </BODY></HTML>
    Connection closed by foreign host.
    
    As you can see, it's attempting to redirect you to some suspended page that doesn't exist
    whenever you connect to your website which explains why your cpanel login doesn't work ...

    YOUR ACCOUNT HAS BEEN SUSPENDED

    The question is whether the suspension was for you or for your provider. If your provider
    is just a reseller, their provider above them may have suspended their entire reseller
    account including all accounts beneath them (including yours).
     
    #2 Spiral, Jul 13, 2007
    Last edited: Jul 13, 2007
  3. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    The most important thing here is to determine if your account was hacked OR the whole server was hacked. If it's just you then it would likely be an exploitable script like a forum or php code, but if it's the whole server then it could be the host had an exploitable kernel or some server task. I would keep trying to reach your host first so they can determine what level this attack took place.
     
  4. KenCo

    Thanks mate.....I still have had no response from support slips or emails as yet. I do know someone else who uses them and his website is working fine. Sorry if that doesn't mean anything, like I say I know nothing.
    Ken.
     
  5. Spiral

    I have done some digging and have confirmed that your host is actually a reseller
    and not a real hosting provider and it would appear that their own reseller
    account has also been suspended as well.

    That said, it also looks like they have multiple reseller accounts with different
    providers and probably split their hosted accounts between those accounts.

    While some of their sites are up, the one located where you are hosted
    is down just the same as your own account which tells me their provider
    at that location has shut them down either for abuse or non-payment.
     
    #5 Spiral, Jul 13, 2007
    Last edited: Jul 13, 2007
  6. KenCo

    Well that would account for no response from them as yet BUT not for the porn stuff on my site now.
     
  7. Spiral

    What do you mean "porn stuff"?

    I have not been able to duplicate any of that and all I get is just
    the attempt to redirect to the non-existent suspended page
    from their upstream provider

    Do you have a full backup of your site?
     
  8. nyjimbo

    Seems an old thread on webhostingtalk.com got revived and there is some bad press about this host as recent as last week:

    http://www.webhostingtalk.com/showthread.php?t=582651
     
  9. KenCo

    I have all the stuff needed to replace my site but can't get into my site....If you force refresh (CTRL and F5) it sometimes takes you to some porn promotion thing.....
     
  10. Spiral

    I think that one is actually coming from your own computer
    and is a separate unrelated item ...

    You might want to do a complete spyware / trojan scan.
     
  11. KenCo

    I have already taken those steps just in case using AVG and Trend Micro on-line scan.....I don't get any reports of infection.
     
  12. KenCo

    Another photographer is also using Darken host www.dreederuk.com/ and his website is still working. Does that make any sense?
     
  13. Spiral

    He's off of a different reseller account.

    It looks like for each reseller account, Darken Host set up
    corresponding DNS server addresses with the same base
    name but a different TLD.

    You are hosted out of their reseller account associated
    with the .ORG domain extension

    Dreederuk.com is hosted out of the reseller account associated
    with the .NET domain extension

    (Traces to 2 different sources)

    That is virus scanning. I said trojan and spyware!

    The best scanner for that is "PC Doctor" which catches many that others
    won't come close to detecting but is a commercial product.

    The next best choice is "SpyBot:Search and Destroy" which runs circles
    around all the spyware scanners out there except "PC Doctor" and
    is conveniently a free downloadable program.
     
  14. koolcards

    koolcards Well-Known Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    https://takingthepic.com:2083/ shows a proper cPanel login page but it won't allow you to login? Any error message or is it attempting to send you to that "server227.server-center.net" suspended page?

    http://server227.server-center.net/suspended.page is there because the dopes never changed or set up the server name "server227.server-center.net" (in the fortressitx.com data center in New Jersey) with proper DNS records. cPanel is attempting to send you to a 'suspended' page for which there's no DNS so you end up at a search engine landing page somewhere, which is where your occasional porn page is probably coming from.


    btw, the correct name of your server is "ns1.darkenhosting.org" but they didn't set that up correctly
     
    #14 koolcards, Jul 13, 2007
    Last edited: Jul 13, 2007
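Added example (not part of any forum post): a Python triage helper for the check discussed in posts #2 and #14. It pulls the redirect target out of a raw response like the one quoted in post #2 and separates a host suspension redirect from other off-site redirects. The function names, verdict labels and the "suspend" path heuristic are assumptions of this example; the sample body is abridged from the thread.

```python
import re
import socket
from urllib.parse import urlsplit

# Abridged from the response quoted in post #2. The bare "GET <url>" request
# is HTTP/0.9 style, so only the body came back (no status line or headers).
SAMPLE = '''<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://server227.server-center.net/suspended.page/">here</A>.<P>
</BODY></HTML>'''

def dns_resolves(host):
    """Live DNS check; callers may inject a stub for offline use."""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False

def redirect_target(response):
    """Redirect URL from a Location header, else from a 30x body link."""
    m = re.search(r'^Location:\s*(\S+)', response, re.I | re.M)
    if not m and re.search(r'<TITLE>\s*30[1-8]\b', response, re.I):
        m = re.search(r'<A\s+HREF="([^"]+)"', response, re.I)
    return m.group(1) if m else None

def triage(site_host, response, resolves=dns_resolves):
    """Separate a suspension redirect from other redirects (labels assumed)."""
    url = redirect_target(response)
    if url is None:
        return {"verdict": "no-redirect", "target": None, "resolves": None}
    parts = urlsplit(url)
    host = (parts.hostname or site_host).lower()
    bare = lambda h: re.sub(r'^www\.', '', h.lower())
    if bare(host) == bare(site_host):
        verdict = "same-site-redirect"
    elif "suspend" in parts.path.lower():      # heuristic, not a cPanel rule
        verdict = "suspension-redirect"
    else:
        verdict = "offsite-redirect-investigate"
    return {"verdict": verdict, "target": url, "resolves": resolves(host)}
```

A `suspension-redirect` whose target does not resolve matches what post #14 describes: whatever page appears comes from the browser's handling of the dead hostname, not from the site itself.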
  15. KenCo

    When I try to login it just gives me the login pop up again...which is why I thought it had been hacked and someone had changed the password. I did try clicking the change password and it tells me that the new password has been sent to the email address on file but I don't receive anything.
    I really appreciate your help here guys. Many thanks.

    I'm not all that happy with the service from darken host but they are cheap.....I'm a photographer and just spent a fortune on promoting my website at local events etc. I have also emailed a load of clients with samples of their portrait work and now this happens. Does anyone know of a place equally as cheap to host my site?
    Thanks again.
    Ken.
     
  16. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator

    Ken, you really need to get over the 'cheap' concept. If you're willing to spend a fortune on promotion of your website, you should be willing to spend up anywhere from 10-30 dollars for a basic website. Sure, websites can be gotten very very cheaply, but if you are putting money into a business you really need to add into your financial plan web/email hosting with top notch support, backups, reliability and forget about trying to get a couple dollar a month website. This isn't meant to chastise you - I'm just saying that in general people need to do some homework before they get a website and not let cost be priority #1 when it comes to hosting a professional or commercial website.

    With that said, we all know that a host offering 30 dollar websites with less features than a host offering 4 dollar websites does not guarantee that you are getting something in return for your investment. But try to consider other factors such as good name, reliability, support above the cost associated with hosting of a website that you are going to use to increase your income or promote yourself.

    I'm not familiar with the host that you're using - This isn't a jab at them. It's a general comment to anyone looking for a web host. If you're using your site to promote yourself/your business and/or to make money, there is no reason you shouldn't be willing to put out somewhere between $60-$240 a year for hosting.

    Mike
     
  17. KenCo

    Yeah I understand that mate....just not an option at the moment.
    Anyway everything is up and running again now, email and cpanel all working too.
    Thanks everyone for the help, very much appreciated.
    Ken.
     
  18. Spiral

    As I said before, your account is clearly SUSPENDED over there!

    Actually both your account and their own reseller account are suspended

    As long as the suspension is in place, your login won't work
    and cpanel's reset password feature won't work either.

    That's not a problem at all ...

    I can help you with getting a new hosting account as I directly control 76 hosting providers
    and most others are either resellers, vds clients, or dedicated customers under one
    or more of my other service brands.

    What is a problem is your domain name. As it turns out, your current domain name
    was registered by your current hosting provider in their own name. Unfortunately this
    means that you have no legal rights or claims to the domain and unless your current
    host chooses to give you the domain, you will probably have to
    get a new domain name when you move your hosting account.


    EDIT: Looks like you were posting more while I was posting this message.
    I am glad you finally got back into your account over there. However,
    you still have the problem of your domain being owned by the host.
     
    #18 Spiral, Jul 13, 2007
    Last edited: Jul 13, 2007
  19. KenCo

    I'll pm you a little later....
    Thanks again for the help.
    Ken.
     
  20. koolcards

    Yep, on top of that, your cPanel account (and theirs, apparently) is suspended.

    Yes, in answer to your question, my hosting is pretty cheap, starting at $2.95 a month. <sigh> Yes, I've been doing this for many years, am reliable, offer support, yada, yada, base my pricing on bandwidth usage and most of my business is in dedicated machines. But I don't post here to attempt to dig up business so check http://www.webhostingtalk.com for some good hosting offers and find another host 'cause it would be a good idea to move. ANY host who buys your domain for you yet puts it in their own name is .... okay, I'll just say it's a bad idea. :cool: Good luck
     