Reconcept says

Hi guys,

I just found out that my site was hacked. All they did was replace the index.php file with a new one which can be found here: http://www.jurgenvisser.nl/turken.php

Anyone know how they may have done this? I don’t know shit about hacking, I’m glad they’ve been ‘friendly’ but it’s kind of scary that they may know my password (which by the way I just changed).

Thanks

ArikB says

Hacking is the process of finding exploits in a website. Exploits can be found in data entry fields, hidden files, unlocked directories etc.

I think that knowledge of hacking is generally knowledge of internet security. I am not a programmer (trying to be though) nor a web developer, but you had a security leak somewhere.

TutelageSystems says

Check to see if your web server (Apache / IIS) has the PUT option on. This was a huge problem with IIS 5 (it was on by default). If this option is on it allows anyone who can connect (everyone) and knows some HTTP requests to upload / alter any page on your site.

Best thing to do is to check that first, change your username / passwords (even for your databases if you use them).

I would check there first then move on to the other areas (such as your password for FTP).

Motionreactor says

You probably have a PHP script somewhere with very poorly implemented security measures.

theJae says

lol that’s called ‘defaced’ and not hack. While it’s less harmless than being hacked, it should be handled with priority. Either you have a vulnerable PHP script – do you operate any blog, contact forms or whatever PHP script that includes form handling? Even something as innocent as a search bar might be the source. OR your web server has not been patched with the latest updates and your host might have left some holes open.

My suggestion, contact your host immediately. They should have the skills to identify what was exploited to allow defacing.

And don’t worry. Your passwords and credit card data are still safe. Provided you aren’t storing that sensitive information in a plain text file in your web space. Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

1Wolf1 says

It might be a good idea to put back a backup of your entire site. That way you are sure they didn’t write any additional code in some files which leaves them a new door after you went through the current files to close the door they came in through. As Motionreactor said, there might be a script with bad security.

ArikB says
> Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.

And then when asked why, would simply reply: I did it for teh lulz

theJae says
> > Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.
>
> And then when asked why, would simply reply: I did it for teh lulz

And others would be mesmerized by your skill and would reply: br0 u r teh l33t!!!1

Avalonweb says

Script kiddies at work ;-)

TutelageSystems says

Yeah I did a quick check to see if OPTION * were enabled and from my point they don’t seem to be enabled (which is good).

So verify your password (change it to something stronger), and ask your ISP to check the logs to see who logged in or who updated the index.php page (even an IP address is enough… well unless they hid themselves but that’s another issue).
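
Added example, not part of any poster's reply: the log review suggested in this thread can be done by scanning the web server's access log for write-capable HTTP methods (such as the PUT mentioned earlier) that the server actually accepted. It assumes the Apache "combined" log format; the sample lines are constructed and use documentation IP ranges.

```python
import re

# Apache "combined" log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# HTTP/WebDAV methods that can create or overwrite files on the server.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}

def find_write_requests(lines, target=None):
    """Return (ip, time, method, path, status) for accepted (2xx) write requests.

    If target is given, only requests whose path ends with it are returned.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        status = int(m["status"])
        if m["method"] not in WRITE_METHODS or not 200 <= status < 300:
            continue  # read-only method, or the server refused the request
        if target and not m["path"].split("?")[0].endswith(target):
            continue
        hits.append((m["ip"], m["time"], m["method"], m["path"], status))
    return hits

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2010:03:14:07 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2010:03:15:22 +0100] "OPTIONS / HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.45 - - [12/Mar/2010:03:15:40 +0100] "PUT /index.php HTTP/1.1" 201 0 "-" "-"',
    '192.0.2.10 - - [12/Mar/2010:04:02:11 +0100] "PUT /upload.php HTTP/1.1" 405 312 "-" "-"',
]

if __name__ == "__main__":
    for ip, when, method, path, status in find_write_requests(SAMPLE_LOG, "index.php"):
        print(f"{when}  {ip}  {method} {path} -> {status}")
```

An empty result does not clear the web server: a file replaced over FTP or through a vulnerable PHP script shows up in the FTP log or as an ordinary POST instead.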
