Thread: My site is hacked :(
-
02-11-2012, 05:47 PM #1New Member
- Join Date
- Nov 2011
- Posts
- 2
My site is hacked :(
Hi
My site = guru99.com
It is hosted on hostmonster.com
When I accessed the site today it was showing some weird homepage.
When I checked with hostmonster support they said it's hacked.
I deleted all files from the server and restored them; still, guru99 was pointing to the hacked location
The support executive later said that the site is pointing to the ip = 173.254.101.84
When I asked them root cause of the problem ... they said they do not know
Can anyone help me decipher why this was so, so that such future attacks can be prevented?
I feel it's a problem with hostmonster but they are not admitting ...
-
02-11-2012, 06:57 PM #2WHT Addict
- Join Date
- Sep 2009
- Posts
- 174
They say it is a DOS attack, but my sites look like they are hacked too : (. It just shows content from another site. They say they redirected shared IP to a dedicated or something, but this is a nice excuse I think.
Btw. You should probably put the hosting company name in the title; I doubt your site was 'hacked' because my sites - which are in plain HTML, no DB or even PHP - also look like 'hacked' but the problem is Hostmonster.com, not our sites.
Last edited by AverageUser; 02-11-2012 at 07:05 PM. Reason: btw.
-
02-11-2012, 07:32 PM #3Junior Guru
- Join Date
- Sep 2008
- Location
- Iowa
- Posts
- 190
Hostmonster should be able to point out what happened. If not, then you'll want to migrate to a different, more secure web host. There are log files for just about everything and I'm sure HostGator can answer the question; it's just a matter of when.
A DoS attack will not take down a server; a DDoS attack will. The difference is, DoS is usually 1 attacker or zombie, whereas a DDoS is generally a botnet of zombie computers or servers flooding a server's bandwidth, essentially causing it to not allow access to or from the box. And if it were a DDoS the server would be going slow and laggy... or not be online at all. If you're seeing a different website when going to your site, then it is not a DDoS or a DoS attack.
Also let me be clear
If a server gets compromised then all accounts on the server can be affected. Regardless of whether it's in PHP or HTML, the root user has control over everything.
███ Alex Fuller | Creative Director / Owner
███ Extremely experienced, with 5 years service to WHT community.
███ LegitDesigns, LLC - Professional Web Design Company
-
02-11-2012, 08:30 PM #4Disabled
- Join Date
- Feb 2010
- Location
- Worldwide
- Posts
- 61
I've run a number of scans, including a 3rd-party site, Unmask Parasites, and your site is looking OK at the moment.
Did you manage to clear the hack from your site?
-
02-12-2012, 12:07 AM #5New Member
- Join Date
- Nov 2011
- Posts
- 2
I did nothing from my end ...
It was definitely a problem with hostmonster ...
-
02-12-2012, 05:49 AM #6Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 52
-
02-12-2012, 12:08 PM #7Junior Guru
- Join Date
- Sep 2008
- Location
- Iowa
- Posts
- 190
-
02-12-2012, 12:31 PM #8Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
02-12-2012, 12:51 PM #9Junior Guru
- Join Date
- Sep 2008
- Location
- Iowa
- Posts
- 190
If the person is a complete noob and would completely go without any firewall... CSF...APF even a simple IPTables rule... blocks DoS attacks like it's not even a problem. That's like saying cars don't run if you don't put gas in the fuel tank.
Plus the OP is using HostMonster, I know they have a firewall setup. So a DoS attack would not have taken it offline.
Last edited by Alex LD; 02-12-2012 at 12:54 PM.
-
02-12-2012, 01:18 PM #10WHT Addict
- Join Date
- Sep 2009
- Posts
- 174
Everything seems to have come back to normal finally.
-
02-12-2012, 03:27 PM #11Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Just because there is a firewall does not mean it will be blocked.
For example, if you install csf or apf out of the box, it will not block a DoS attack. There is no rate limiting in place by default.
Same goes for many hardware firewalls. Unless it's specifically set up to block it, it's not going to do anything.
-
02-12-2012, 03:39 PM #12Web Host Reviewer
- Join Date
- Feb 2006
- Location
- Kepler 62f
- Posts
- 16,703
|| Need a good host?
|| See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
||
-
02-12-2012, 04:02 PM #13Web Hosting Guru
- Join Date
- Jul 2010
- Location
- Kansas City, MO, US
- Posts
- 292
Nah, I tend to disagree here. A distributed attack is simply a type of denial of service attack. There are non-distributed attacks which can bring down services - for example, an exploitable software bug which allowed a remote attacker to cause a web server to crash. That would also be a denial of service attack.
-
02-12-2012, 04:17 PM #14Junior Guru
- Join Date
- Sep 2008
- Location
- Iowa
- Posts
- 190
-
02-12-2012, 04:42 PM #15Aspiring Evangelist
- Join Date
- Jan 2012
- Posts
- 362
Regardless of the attack, software firewalls are pointless for DoS/DDoS. The traffic still hits the server. Software firewalls are meant for security.
-
02-12-2012, 08:49 PM #16Web Hosting Guru
- Join Date
- Jul 2010
- Location
- Kansas City, MO, US
- Posts
- 292
If you go into a data center and unplug a server with the intention of... denying service... then yes, that would be a denial of service attack.
Not necessarily. While a local packet filter isn't going to do much if your network interface is getting saturated (or, worse, if your upstream is getting saturated), it can block certain types of denial of service attacks; for example, attacks which rely on your server replying to ICMP packets.
-
02-14-2012, 01:33 AM #17Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 52
I think that's kind of his point. The DoS vs DDoS is presently outdated terminology because the similarities and differences between the two can sometimes be indistinguishable.
If I had a say, I'd vote to get rid of the "distributed" part of the definition and leave it at "denial of service" attack.
Whether or not it is distributed among other systems to perform that attack has nothing to do with the fact that it is a denial of service attack.
Well said!
I think people need to realize DoS attacks are simply efforts to disrupt service. There are many exploits, bugs, and vulnerabilities that, when calculated to scale, can do monetary damage and/or service disruption regardless of whether any type of firewall is present.
Last edited by humangenome; 02-14-2012 at 01:39 AM.
-
02-14-2012, 02:38 AM #18Web Hosting Guru
- Join Date
- Jul 2010
- Location
- Kansas City, MO, US
- Posts
- 292
Another example:
A resource exhaustion attack caused by attackers from a single IP address triggering a resource-intensive database query by hitting a CGI script many times concurrently. A packet filter on the host can then be used to block that IP address and hence end the denial of service condition at least temporarily.
Traffic hitting "the server" is abstract. The server does not necessarily mean the network interface. For an attack to be successful, the attack may need to (as in the case of the example I posted) reach the web server software which then allows it to execute a script. So there're lots of types of attacks, many of which lead to a denial of service condition, and there are lots of ways to address those attacks. Trying to define things so narrowly isn't useful in a technical context.
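
The single-source resource-exhaustion case described in the post above, as an added example that is not part of the thread: a log check that finds one IP address hitting a CGI path many times in a short window, which is the address a host packet filter would then block. The log lines, the `/cgi-bin/` prefix, the 10-second window and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (Apache common log format); not taken from the thread.
FMT = '{ip} - - [14/Feb/2012:02:{m:02d}:{s:02d} +0000] "GET {path} HTTP/1.1" 200 5120'
SAMPLE_LOG = (
    # One client hitting an expensive CGI script 8 times in 3 seconds.
    [FMT.format(ip="203.0.113.7", m=30, s=s, path="/cgi-bin/report.cgi?y=2011")
     for s in (1, 1, 2, 2, 2, 3, 4, 4)]
    # A normal client: two CGI hits a minute apart, plus static pages.
    + [FMT.format(ip="198.51.100.20", m=m, s=5, path="/cgi-bin/report.cgi")
       for m in (30, 31)]
    + [FMT.format(ip="198.51.100.20", m=31, s=6, path="/index.html")
       for _ in range(6)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)')


def parse(line):
    """Return (ip, timestamp, path without query string) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path.split("?", 1)[0]


def heavy_hitters(lines, prefix="/cgi-bin/", window=timedelta(seconds=10), limit=5):
    """Map each IP to its peak request count on `prefix` paths inside any
    `window`, keeping only IPs whose peak reaches `limit`.
    Assumes the log is in chronological order, as access logs normally are."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest in-window count seen
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2].startswith(prefix):
            continue              # skip malformed lines and non-CGI requests
        ip, when, _ = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop hits that have aged out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= limit}


if __name__ == "__main__":
    for ip, n in heavy_hitters(SAMPLE_LOG).items():
        print(f"{ip}: {n} CGI requests within 10s, candidate for a packet-filter block")
```

Static-page requests are ignored on purpose, so a busy but harmless visitor is not flagged; only repeated hits on the expensive script count toward the threshold.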
-
02-14-2012, 05:15 AM #19Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 52
-
02-14-2012, 11:42 AM #20Web Hosting Guru
- Join Date
- Jul 2010
- Location
- Kansas City, MO, US
- Posts
- 292
-
02-14-2012, 06:31 PM #21WHT Addict
- Join Date
- Mar 2010
- Posts
- 140
@kriru - glad that your site was back. Did the hoster share what was the reason for the site to be directed to an unauthorized IP?
On the other discussion, IMHO, various kinds of DoS attacks could take down a server - DoS or DDoS or low rate DoS.