I just found out that my site was hacked. All they did was replace the index.php file with a new one which can be found here: http://www.jurgenvisser.nl/turken.php
Anyone know how they may have done this? I don’t know shit about hacking, I’m glad they’ve been ‘friendly’ but it’s kind of scary that they may know my password (which by the way I just changed).
Hacking is the process of finding exploits in a website. Exploits can be found in data entry fields, hidden files, unlocked directories etc.
I think that knowledge of hacking is generally knowledge of internet security. I am not a programmer (trying to be though) nor a web developer, but you had a security leak somewhere.
Check to see if your Web Server (Apache / IIS ) has the PUT option on. This was a huge problem with IIS 5 (it was on by default). If this option is on it allows anyone who can connect (everyone) and knows some HTTP request to upload / alter any page on your site.
Best thing to do is to check that first, change your username / passwords (even for your databases if you use them).
I would check there first then move on to the other area’s (such as your password for FTP )
You probably have a php script somewhere with very poor implemented security measures.
lol that’s called ‘defaced’ and not hack. While it’s less harmless than being hacked, it should be handled with priority. Either you have a vulnerable PHP script – do you operate any blog, contact forms or whatever php script that include form handling? even something as innocent as a search bar might be the source. OR your web server has not been patched with the latest updates and your host might have left some holes opened.
My suggestion, contact your host immediately. They should have the skills to identify what was exploited to allow defacing.
And don’t worry. Your passwords and credit cards data are still safe. Provided you aren’t storing those sensitive information in a plain text file in your web space. Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.
It might be a good idea to put back a backup of your entire site. That way you are sure they didn;t write any additional code in some files which leaves them a new door after you went through the current files to close the door they came in through. As Motionreactor said. There might be a script with bad security.
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.
And then when asked why, would simply reply: I did it for teh lulz
Defacing are usually committed for fun. In common underground vocabulary for your situation, one could say pwned!!!!11.And then when asked why, would simply reply: I did it for teh lulz
And others would be mesmerized by your skill and would reply: br0 u r teh l33t!!!1
Yeah I did a quick check to see if OPTION * where enabled and from my point they don’t seem to be enabled (which is good).
So verify your password, (change it to something stronger), and ask your ISP to check to logs to see who logged in or who updated the index.php page (Even an IP Address is enough… well unless they hid themselves but thats another issue).