  1. #1

    * My site is hacked :(

    Hi

    My site = guru99.com

    It is hosted on hostmonster.com

    When I accessed the site today it was showing some weird homepage.

    When I checked with hostmonster support they said it's hacked.

    I deleted all files from the server and restored them; still, guru99 was pointing to the hacked location

    The support executive later said that the site is pointing to the ip = 173.254.101.84

    When I asked them root cause of the problem ... they said they do not know

    Can anyone help me decipher why this happened, so such future attacks can be prevented?

    I feel it's a problem with hostmonster but they are not admitting ...

  2. #2
    They say it is a DOS attack, but my sites look like they are hacked too : (. It just shows content from another site. They say they redirected shared IP to a dedicated or something, but this is a nice excuse I think.

    Btw. You should probably put the hosting company name in the title; I doubt your site was 'hacked' because my sites - which are in plain HTML, no DB or even PHP - also look like 'hacked' but the problem is Hostmonster.com, not our sites.
    Last edited by AverageUser; 02-11-2012 at 07:05 PM. Reason: btw.

  3. #3
    Join Date
    Sep 2008
    Location
    Iowa
    Posts
    190
    Quote Originally Posted by kriru View Post
    Can anyone help me decipher why this happened, so such future attacks can be prevented?
    Hostmonster should be able to point out what happened. If not, then you'll want to migrate to a different, more secure web host. There are log files for just about everything and I'm sure HostGator can answer the question; it's just a matter of when.


    Quote Originally Posted by AverageUser View Post
    They say it is a DOS attack, but my sites look like they are hacked too
    DOS attack will not take down a server, a DDoS attack will. The difference is, DoS is usually 1 attacker or zombie, whereas a DDoS is generally a botnet of zombie computers or servers flooding a server's bandwidth, essentially causing it to not allow access to or from the box. And if it were a DDoS the server would be going slow and laggy... or not be online at all. If you're seeing a different website when going to your site, then it is not a DDoS or a DoS attack.

    Also let me be clear
    If a server gets compromised then all accounts on the server can be affected. Regardless of whether it's in PHP or HTML, the root user has control over everything.
    Alex Fuller | Creative Director / Owner
    Extremely experienced, with 5 years service to WHT community.
    LegitDesigns, LLC - Professional Web Design Company

  4. #4
    Join Date
    Feb 2010
    Location
    Worldwide
    Posts
    61
    I've run a number of scans, including a 3rd party site unmask parasites and your site is looking OK at the moment.

    Did you manage to clear the hack from your site?

  5. #5
    I did nothing from my end ...

    It was definitely a problem with hostmonster ...

  6. #6
    Join Date
    Feb 2012
    Posts
    52
    Quote Originally Posted by Alex LD View Post
    DOS attack will not take down a server, a DDoS attack will. The difference is, DoS is usually 1 attacker or zombie, whereas a DDoS is generally a botnet of zombie computers or servers flooding a server's bandwidth, essentially causing it to not allow access to or from the box. And if it were a DDoS the server would be going slow and laggy... or not be online at all. If you're seeing a different website when going to your site, then it is not a DDoS or a DoS attack.
    The difference is not accurate.

    A DoS and DDoS attack are one and the same.

    You are describing different types of attacks and how they are scaled.

  7. #7
    Join Date
    Sep 2008
    Location
    Iowa
    Posts
    190
    Quote Originally Posted by humangenome View Post
    The difference is not accurate.

    A DoS and DDoS attack are one and the same.

    You are describing different types of attacks and how they are scaled.
    DoS = Denial of Service (1 computer flooding)
    DDoS = Distributed Denial of Service (botnet flooding)

    Very different indeed; google DoS vs DDoS and you'll see my description is actually right.
    Alex Fuller | Creative Director / Owner
    Extremely experienced, with 5 years service to WHT community.
    LegitDesigns, LLC - Professional Web Design Company

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by Alex LD View Post
    DOS attack will not take down a server, a DDoS attack will.
    'DOS' attacks take down servers all the time, if not set up to block them.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  9. #9
    Join Date
    Sep 2008
    Location
    Iowa
    Posts
    190
    Quote Originally Posted by Steven View Post
    'DOS' attacks take down servers all the time, if not set up to block them.
    If the person is a complete noob and would completely go without any firewall... CSF... APF... even a simple IPTables rule... blocks DoS attacks like it's not even a problem. That's like saying cars don't run if you don't put gas in the fuel tank.

    Plus the OP is using HostMonster, I know they have a firewall setup. So a DoS attack would not have taken it offline.
    Last edited by Alex LD; 02-12-2012 at 12:54 PM.
    Alex Fuller | Creative Director / Owner
    Extremely experienced, with 5 years service to WHT community.
    LegitDesigns, LLC - Professional Web Design Company

  10. #10
    Everything seems to come to normal finally.

  11. #11
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by Alex LD View Post
    If the person is a complete noob and would completely go without any firewall... CSF... APF... even a simple IPTables rule... blocks DoS attacks like it's not even a problem. That's like saying cars don't run if you don't put gas in the fuel tank.

    Plus the OP is using HostMonster, I know they have a firewall setup. So a DoS attack would not have taken it offline.
    Just because there is a firewall does not mean it will be blocked.
    For example, if you install csf or apf out of the box it will not block a DoS attack. There is no rate limiting in place by default.
    Same goes for many hardware firewalls. Unless it's specifically set up to block it, it's not going to do anything.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  12. #12
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,703
    Quote Originally Posted by Steven View Post
    Just because there is a firewall does not mean it will be blocked. For example, if you install csf or apf out of the box it will not block a DoS attack. There is no rate limiting in place by default. Same goes for many hardware firewalls. Unless it's specifically set up to block it, it's not going to do anything.
    What are your suggested settings? CSF, for example.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  13. #13
    Join Date
    Jul 2010
    Location
    Kansas City, MO, US
    Posts
    292
    Quote Originally Posted by Alex LD View Post
    DoS = Denial of Service (1 computer flooding)
    DDoS = Distributed Denial of Service (botnet flooding)

    Very different indeed; google DoS vs DDoS and you'll see my description is actually right.
    Nah, I tend to disagree here. A distributed attack is simply a type of denial of service attack. There are non-distributed attacks which can bring down services - for example, an exploitable software bug which allowed a remote attacker to cause a web server to crash. That would also be a denial of service attack.
    Ⓐ Red Triangle Technology Collective Ⓐ
    Hosting a revolution!
    http://www.redtriangletc.org/

  14. #14
    Join Date
    Sep 2008
    Location
    Iowa
    Posts
    190
    Quote Originally Posted by mdharris View Post
    Nah, I tend to disagree here. A distributed attack is simply a type of denial of service attack. There are non-distributed attacks which can bring down services - for example, an exploitable software bug which allowed a remote attacker to cause a web server to crash. That would also be a denial of service attack.
    If you consider an exploitable software bug as a Denial of Service on such a broad spectrum, then so basically would be any other type of attack on a system. I guess if someone pulled the power cord out of the wall, that too is a Denial of Service.
    Alex Fuller | Creative Director / Owner
    Extremely experienced, with 5 years service to WHT community.
    LegitDesigns, LLC - Professional Web Design Company

  15. #15
    Join Date
    Jan 2012
    Posts
    362
    Regardless of the attack, software firewalls are pointless for DoS/DDoS. The traffic still hits the server. Software firewalls are meant for security.

  16. #16
    Join Date
    Jul 2010
    Location
    Kansas City, MO, US
    Posts
    292
    Quote Originally Posted by Alex LD View Post
    If you consider an exploitable software bug as a Denial of Service on such a broad spectrum, then so basically would be any other type of attack on a system. I guess if someone pulled the power cord out of the wall, that too is a Denial of Service.
    If you go into a data center and unplug a server with the intention of... denying service... then yes, that would be a denial of service attack.

    Quote Originally Posted by BiggyMike View Post
    Regardless of the attack, software firewalls are pointless for DoS/DDoS. The traffic still hits the server. Software firewalls are meant for security.
    Not necessarily. While a local packet filter isn't going to do much if your network interface is getting saturated (or, worse, if your upstream is getting saturated), it can block certain types of denial of service attacks; for example, attacks which rely on your server replying to ICMP packets.
    Ⓐ Red Triangle Technology Collective Ⓐ
    Hosting a revolution!
    http://www.redtriangletc.org/

  17. #17
    Join Date
    Feb 2012
    Posts
    52
    Quote Originally Posted by Alex LD View Post
    If you consider an exploitable software bug as a Denial of Service on such a broad spectrum, then so basically would be any other type of attack on a system. I guess if someone pulled the power cord out of the wall, that too is a Denial of Service.
    I think that's kind of his point. The DoS vs DDoS is presently outdated terminology because the similarities and differences between the two can sometimes be indistinguishable.

    If I had a say, I'd vote to get rid of the "distributed" part of the definition and leave it at "denial of service" attack.

    Whether or not it is distributed among other systems to perform that attack has nothing to do with the fact that it is a denial of service attack.

    Quote Originally Posted by mdharris View Post
    While a local packet filter isn't going to do much if your network interface is getting saturated (or, worse, if your upstream is getting saturated), it can block certain types of denial of service attacks; for example, attacks which rely on your server replying to ICMP packets.
    Well said!

    I think people need to realize DoS attacks are simply efforts to disrupt service. There are many exploits, bugs, and vulnerabilities that, when calculated to scale, can do monetary damage and/or service disruption regardless whether any type of firewall is present.
    Last edited by humangenome; 02-14-2012 at 01:39 AM.

  18. #18
    Join Date
    Jul 2010
    Location
    Kansas City, MO, US
    Posts
    292
    Quote Originally Posted by BiggyMike View Post
    Regardless of the attack, software firewalls are pointless for DoS/DDoS. The traffic still hits the server. Software firewalls are meant for security.
    Another example:
    A resource exhaustion attack caused by attackers from a single IP address triggering a resource-intensive database query by hitting a CGI script many times concurrently. A packet filter on the host can then be used to block that IP address and hence end the denial of service condition at least temporarily.

    Traffic hitting "the server" is abstract. The server does not necessarily mean the network interface. For an attack to be successful, the attack may need to (as in the case of the example I posted) reach the web server software which then allows it to execute a script. So there're lots of types of attacks, many of which lead to a denial of service condition, and there are lots of ways to address those attacks. Trying to define things so narrowly isn't useful in a technical context.
    Ⓐ Red Triangle Technology Collective Ⓐ
    Hosting a revolution!
    http://www.redtriangletc.org/
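
The single-source case described in post #18 above, sketched as detection logic over a web access log. This is an added example, not part of any poster's message; the log lines are constructed, and the `/cgi-bin/` prefix, the 10-second window and the threshold of 5 are assumptions to tune per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in Apache common-log style (documentation IP ranges only).
_FMT = '{ip} - - [12/Feb/2012:{t} +0000] "GET {path} HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    # One address hitting the same CGI script six times in three seconds.
    [_FMT.format(ip="203.0.113.50", t=f"10:00:0{s}", path="/cgi-bin/report.cgi")
     for s in (1, 1, 2, 2, 3, 3)]
    # A normal visitor using the same script twice, far apart.
    + [_FMT.format(ip="198.51.100.7", t=t, path="/cgi-bin/report.cgi")
       for t in ("10:00:05", "10:01:30")]
    # Busy but cheap static traffic, which should not be flagged.
    + [_FMT.format(ip="192.0.2.10", t=f"10:00:0{s}", path="/index.html")
       for s in range(8)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)')

def flag_single_source_floods(log_text, path_prefix="/cgi-bin/",
                              window_s=10, threshold=5):
    """Return {ip: peak hits in any window_s-second span} for IPs >= threshold."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, ts, path = m.groups()
        if not path.startswith(path_prefix):
            continue              # only the expensive endpoint matters here
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()           # drop hits that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def block_rules(flagged):
    """Render host packet-filter rules for review; nothing is executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]

if __name__ == "__main__":
    for rule in block_rules(flag_single_source_floods(SAMPLE_LOG)):
        print(rule)
```

As the post says, a block like this ends the condition only temporarily, and it does nothing when the interface or the upstream link is what is saturated.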

  19. #19
    Join Date
    Feb 2012
    Posts
    52
    Quote Originally Posted by mdharris View Post
    For an attack to be successful, the attack may need to (as in the case of the example I posted) reach the web server software which then allows it to execute a script.
    I can think of many ways DoS can be successful other than executing a script.. how about packet flooding a domain/IP? That would be considered a DoS even if the site were not taken down (can use lots of bandwidth).

  20. #20
    Join Date
    Jul 2010
    Location
    Kansas City, MO, US
    Posts
    292
    Quote Originally Posted by humangenome View Post
    I can think of many ways DoS can be successful other than executing a script.. how about packet flooding a domain/IP? That would be considered a DoS even if the site were not taken down (can use lots of bandwidth).
    I don't think you read my whole post.
    Ⓐ Red Triangle Technology Collective Ⓐ
    Hosting a revolution!
    http://www.redtriangletc.org/

  21. #21
    @kriru - glad that your site was back. Did the hoster share what was the reason for the site to be directed to an unauthorized IP?

    On the other discussion, IMHO, various kinds of DoS attacks could take down a server - DoS or DDoS or low rate DoS.
