My website has been hacked

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › My website has been hacked

1 | 2 | 3 | 4

2572 posts

Uber Geek
+1 received by user: 233

#444847 2-Mar-2011 16:22

babye: Same problem. WordPress site hosted at Orcon, via Kiwi Web Host. index.php hacked.

Just waiting for Orcon to restore the site.

You might be able to see the hacked page: http://www.boutereys.co.nz/wp-content/

Wow, you really should be keeping wordpress up to date. In a version that old, there's loads of security vulnerabilities.

babye

3 posts

Wannabe Geek

#444852 2-Mar-2011 16:30

Yeah, I'll be having a chat with my developers.

DonGould

3892 posts

Uber Geek
+1 received by user: 164

#444858 2-Mar-2011 16:37

redjet: PM me if you need any help.

Nice post! :) +1

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

nate

6473 posts

Uber Geek
+1 received by user: 458

Retired Mod

Trusted

Lifetime subscriber

#444878 2-Mar-2011 17:01

I've updated the subject line of this topic to be a little more descriptive - the original implied that Orcon had been hacked, when it's really only one user's account.

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#444883 2-Mar-2011 17:07

i attempted to get to http://www.mobiletune.co.nz a few days back and noticed it had been 'hacked by shiraz'. Checking their dns showed they were iserve/orcon hosted too.

looks like they are back up now. but it cost them a job the other day as i went somewhere else

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

babye

3 posts

Wannabe Geek

#444889 2-Mar-2011 17:12

Someone with a bit more time on their hands could google "shiraz hacker" and check out the dns for the sites showing up.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#444892 2-Mar-2011 17:15

btw, i didnt contact orcon or mobiletune directly when i found the site was hacked, but i did tweet about it and included orcon twitter account in that. no idea if anyone there followed it up.

http://twitter.com/#!/nzregs/status/40935129601937409

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#444893 2-Mar-2011 17:15

I have had a few situations in the past with customers getting their sites hacked. Had a couple times when they had chmod to 777 on Linux systems and that's easy for a hacker. Most often its a security exploit in the CMS. In all instances its just the index.whatever file being changed. I have never had a problem with hacking on Windows IIS, I think the tools the hackers use are mainly for Linux so even if they find something with poor security hosted on IIS they just ignore it.

Speedtest 2019-10-14

oldmaknz

536 posts

Ultimate Geek

#444896 2-Mar-2011 17:24

Hosting providers have security pros (or at least, should have) monitoring their networks and ensuring security on their end. The only way, in an ideal world, to get hacked is for your password to be compromised or your website to be compromised.

There are rare events when web hosting providers get hacked, but it's far, far, far more common for it to be the user's fault.

DonGould

3892 posts

Uber Geek
+1 received by user: 164

#444898 2-Mar-2011 17:26

All site owners should have some sort of disaster recovery plan and most people don't. They generally don't care and don't think about it and don't want to.

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

hairy1

3352 posts

Uber Geek
+1 received by user: 644

ID Verified

Trusted

Lifetime subscriber

#444903 2-Mar-2011 17:31

After the CHC earthquake I really decided I should have some disaster recovery plan. I now backup all my customers websites (20+) weekly to Amazon S3, and also to dropbox in an easy to grab format. This is in addition to my hosting providers weekly backups.

Another measure is to make sure someone else knows where it all is.... A lot of the time stuff is in people heads....

Cheers, Matt.

My views (except when I am looking out their windows) are not those of my employer.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#444905 2-Mar-2011 17:33

Zeon: I have never had a problem with hacking on Windows IIS

the older versions (nt4, win2k) with the default security used to be pretty vulnerable. if you keep up with security patches etc, then not so much of a problem these days.

that said, if someone wanted to hack *you*, not just run a script, then it probably wouldnt matter what you ran. if they were skilled and dedicated to the task then there is a good chance they would get in somehow.. no matter if you ran windows, linux or whatever. it hard to put up a firewall to protect against social engineering.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#444912 2-Mar-2011 17:41

Regs:
Zeon: I have never had a problem with hacking on Windows IIS

the older versions (nt4, win2k) with the default security used to be pretty vulnerable. if you keep up with security patches etc, then not so much of a problem these days.

that said, if someone wanted to hack *you*, not just run a script, then it probably wouldnt matter what you ran. if they were skilled and dedicated to the task then there is a good chance they would get in somehow.. no matter if you ran windows, linux or whatever. it hard to put up a firewall to protect against social engineering.

Yes true. It's funny timing actually as one of our IIS web hosting servers came under a DDoS attack last week mainly from Hong Kong. Think it was just random but the thing that protected us in that instance was the sh!thouse international we have =p. But Vocus who provides upstream to our colo company nulled our IP straight away and everything was good again in about 30 mins.

Speedtest 2019-10-14

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233

#444914 2-Mar-2011 17:43

In this case it wasn't anything to do with Orcon (nor the other sites getting hacked) but people not updating their own software.

buggerit

4 posts

Wannabe Geek

#444916 2-Mar-2011 17:48

Interesting. My website uses Joomla CMS. If word press has been hacked then it seems to be either aimed at both or something deeper. I am with kiwiwebhost as well. What happened was the menus are all changed to Hacked By Shiraz (in mysql), and then as soon as you make the mistake of logging into the administrator back end the home page changes to a fiery skull, as does the administrator backend page. You can no longer log in through Joomla. Orcon/Iserve finally restored the backup after 5 days of my site being down. However, the backup still has the hacked menu info in the mysql tables, so it's to an older version I must go... I guess.

I really want Orcon/iServe to identify how it happened to my site and at least 5-6+ others on the SAME server. Did we all have the same vulnerability? Why are other sites around NZ and the world for that matter not getting the same hacked message if it is a joomla and word press security issue? Maybe it is just a coincidence that our sites are all kiwiwebhost hosted.

1 | 2 | 3 | 4