1092 posts
  • Has referred 100+ members
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has collected 10+ items on Envato Market
  • Located in Netherlands
+7 more
Reconcept says

Hi guys,

I just found out that my site was hacked. All they did was replace the index.php file with a new one which can be found here: http://www.jurgenvisser.nl/turken.php

Anyone know how they may have done this? I don’t know shit about hacking, I’m glad they’ve been ‘friendly’ but it’s kind of scary that they may know my password (which by the way I just changed).

Thanks

2201 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $1,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 1+ items on Envato Market
+4 more
ArikB says

Hacking is the process of finding exploits in a website. Exploits can be found in data entry fields, hidden files, unlocked directories etc.

I think that knowledge of hacking is generally knowledge of internet security. I am not a programmer (trying to be though) nor a web developer, but you had a security leak somewhere.

499 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in Canada
+2 more
TutelageSystems says

Check to see if your Web Server (Apache / IIS ) has the PUT option on. This was a huge problem with IIS 5 (it was on by default). If this option is on it allows anyone who can connect (everyone) and knows some HTTP request to upload / alter any page on your site.

Best thing to do is to check that first, change your username / passwords (even for your databases if you use them).

I would check there first then move on to the other area’s (such as your password for FTP )

1173 posts
  • Has been part of the Envato Community for over 5 years
  • Located in Australia
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+3 more
Motionreactor says

You probably have a php script somewhere with very poor implemented security measures.

30 posts
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Located in Mauritius
+1 more
theJae says

lol that’s called ‘defaced’ and not hack. While it’s less harmless than being hacked, it should be handled with priority. Either you have a vulnerable PHP script – do you operate any blog, contact forms or whatever php script that include form handling? even something as innocent as a search bar might be the source. OR your web server has not been patched with the latest updates and your host might have left some holes opened.

My suggestion, contact your host immediately. They should have the skills to identify what was exploited to allow defacing.

And don’t worry. Your passwords and credit cards data are still safe. Provided you aren’t storing those sensitive information in a plain text file in your web space. Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

63 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
+2 more
1Wolf1 says

It might be a good idea to put back a backup of your entire site. That way you are sure they didn;t write any additional code in some files which leaves them a new door after you went through the current files to close the door they came in through. As Motionreactor said. There might be a script with bad security.

2201 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $1,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 1+ items on Envato Market
+4 more
ArikB says
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

And then when asked why, would simply reply: I did it for teh lulz

30 posts
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Located in Mauritius
+1 more
theJae says
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.
And then when asked why, would simply reply: I did it for teh lulz

And others would be mesmerized by your skill and would reply: br0 u r teh l33t!!!1

32 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $10,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 10+ items on Envato Market
+3 more
Avalonweb says

Script kiddies at work ;-)

499 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in Canada
+2 more
TutelageSystems says

Yeah I did a quick check to see if OPTION * where enabled and from my point they don’t seem to be enabled (which is good).

So verify your password, (change it to something stronger), and ask your ISP to check to logs to see who logged in or who updated the index.php page (Even an IP Address is enough… well unless they hid themselves but thats another issue).

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by