1092 posts
  • Has referred 100+ members
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has collected 10+ items on Envato Market
  • Had an item that became a weekly top seller
+8 more
Reconcept
says

Hi guys,

I just found out that my site was hacked. All they did was replace the index.php file with a new one which can be found here: http://www.jurgenvisser.nl/turken.php

Anyone know how they may have done this? I don’t know shit about hacking, I’m glad they’ve been ‘friendly’ but it’s kind of scary that they may know my password (which by the way I just changed).

Thanks

2201 posts
  • Has been part of the Envato Community for over 6 years
  • Has sold $1,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 1+ items on Envato Market
+6 more
ArikB
says

Hacking is the process of finding exploits in a website. Exploits can be found in data entry fields, hidden files, unlocked directories etc.

I think that knowledge of hacking is generally knowledge of internet security. I am not a programmer (trying to be though) nor a web developer, but you had a security leak somewhere.

499 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in Canada
+2 more
TutelageSystems
says

Check to see if your Web Server (Apache / IIS ) has the PUT option on. This was a huge problem with IIS 5 (it was on by default). If this option is on it allows anyone who can connect (everyone) and knows some HTTP request to upload / alter any page on your site.

Best thing to do is to check that first, change your username / passwords (even for your databases if you use them).

I would check there first then move on to the other area’s (such as your password for FTP )

1173 posts
  • Has been part of the Envato Community for over 6 years
  • Located in Australia
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+4 more
Motionreactor
says

You probably have a php script somewhere with very poor implemented security measures.

30 posts
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Sells items exclusively on Envato Market
theJae
says

lol that’s called ‘defaced’ and not hack. While it’s less harmless than being hacked, it should be handled with priority. Either you have a vulnerable PHP script – do you operate any blog, contact forms or whatever php script that include form handling? even something as innocent as a search bar might be the source. OR your web server has not been patched with the latest updates and your host might have left some holes opened.

My suggestion, contact your host immediately. They should have the skills to identify what was exploited to allow defacing.

And don’t worry. Your passwords and credit cards data are still safe. Provided you aren’t storing those sensitive information in a plain text file in your web space. Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

63 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
+2 more
1Wolf1
says

It might be a good idea to put back a backup of your entire site. That way you are sure they didn;t write any additional code in some files which leaves them a new door after you went through the current files to close the door they came in through. As Motionreactor said. There might be a script with bad security.

2201 posts
  • Has been part of the Envato Community for over 6 years
  • Has sold $1,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 1+ items on Envato Market
+6 more
ArikB
says
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

And then when asked why, would simply reply: I did it for teh lulz

30 posts
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Sells items exclusively on Envato Market
theJae
says
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.
And then when asked why, would simply reply: I did it for teh lulz

And others would be mesmerized by your skill and would reply: br0 u r teh l33t!!!1

32 posts
  • Has been part of the Envato Community for over 6 years
  • Has sold $10,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 10+ items on Envato Market
+4 more
Avalonweb
says

Script kiddies at work ;-)

499 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in Canada
+2 more
TutelageSystems
says

Yeah I did a quick check to see if OPTION * where enabled and from my point they don’t seem to be enabled (which is good).

So verify your password, (change it to something stronger), and ask your ISP to check to logs to see who logged in or who updated the index.php page (Even an IP Address is enough… well unless they hid themselves but thats another issue).

by
by
by
by
by
by