My website has been hacked

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › My website has been hacked

eariefarie

6 posts

Wannabe Geek

#78287 2-Mar-2011 13:44

Has anybody else who hosts a website with Orcon been hacked? The message on the website is "hacked by shiraz" (Also includes a number of symbols etc)

We have checked on google and found a number of other websites also hacked by this person and found that they are hosted on the same server with Orcon.

We have called Orcon a number of times with no resolution to date. They refuse to accept that there is a problem and won't even escalate this to tier 2 support.

We have had the most appauling customer service experience and expect that as soon as this is resolved (if it is EVER resolved) we will be looking to new providers.

Please feed back if you have had the same or similar experiences with your own website.

[Mod (N8): Updated subject line]

1 | 2 | 3 | 4

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#444777 2-Mar-2011 13:51

How do you know it's and Orcon problem? Sites get hacked all the time and more often than not they get in via the site, CMS's with bugs or forums with bugs, No sanity checking on inputs etc etc. Check your own stuff before blaming Orcon

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

eariefarie

6 posts

Wannabe Geek

#444779 2-Mar-2011 13:56

I appreciate your response, however we are 100% sure that it is an Orcon problem.

What my main frustration is at the moment is the fact that they are not even inclined to look into it. We can't even seem to get past the front line team. Can you honestly tell me that a tier 1 support person has the ability to diagnose such an issue?

jbard

1377 posts

Uber Geek
+1 received by user: 17

#444785 2-Mar-2011 14:07

eariefarie: I appreciate your response, however we are 100% sure that it is an Orcon problem.

What my main frustration is at the moment is the fact that they are not even inclined to look into it. We can't even seem to get past the front line team. Can you honestly tell me that a tier 1 support person has the ability to diagnose such an issue?

Well if your only evidence is that you are '100% sure' i wouldn't be letting you past the 1st tier either - you must have some actual proof it was their servers and not your website code that let them in?

ptinson

677 posts

Ultimate Geek
+1 received by user: 27

Trusted

#444786 2-Mar-2011 14:11

eariefarie: Has anybody else who hosts a website with Orcon been hacked? The message on the website is "hacked by shiraz" (Also includes a number of symbols etc)

We have checked on google and found a number of other websites also hacked by this person and found that they are hosted on the same server with Orcon.

We have called Orcon a number of times with no resolution to date. They refuse to accept that there is a problem and won't even escalate this to tier 2 support.

We have had the most appauling customer service experience and expect that as soon as this is resolved (if it is EVER resolved) we will be looking to new providers.

Please feed back if you have had the same or similar experiences with your own website.

Sorry to hear you have been hacked.
Could you please PM/email me your domain so I can take a quick look?

There are a number of ways this can happen to a site so its best we just make sure.

Paul Tinson
Systems Engineer
Orcon

meat popsicle

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#444787 2-Mar-2011 14:13

Yes, How can you be 100% sure without root level access to the server it's on to inspect the OS.

You're not going to get past 1st level when your spouting crazy

jmcrazy

2 posts

Wannabe Geek

#444788 2-Mar-2011 14:14

My site was also hacked by shiraz, hosted with kiwiwebhost. They didnt respond to my support request

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

eariefarie

6 posts

Wannabe Geek

#444792 2-Mar-2011 14:17

Hi everyone, Just want to say that I have had a response from one of the Orcon team and they to help us out. Thank goodness for Geekzone!! Result for phase one. Appreciate everyone's responses.

jbard

1377 posts

Uber Geek
+1 received by user: 17

#444793 2-Mar-2011 14:18

Maybe posted some information: How was it hacked, and what exactly did he do to the site?

did they replace index.html file or just the code inside the file?
or maybe they edited the code in index.html?

I have a feeling that if the web server was hacked this guy might have done more damage than just a editing a few files.

DonGould

3892 posts

Uber Geek
+1 received by user: 164

#444795 2-Mar-2011 14:19

So you just choose a smaller hosting company that can just roll your site back to the day before and then help you figure out where the compromise is?

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

jmcrazy

2 posts

Wannabe Geek

#444802 2-Mar-2011 14:37

they replaced the index.php file with html content. I havent found any other damage except my password was changed

jbard

1377 posts

Uber Geek
+1 received by user: 17

#444803 2-Mar-2011 14:39

jmcrazy: they replaced the index.php file with html content. I havent found any other damage except my password was changed

So if your password was changed that would suggested they used the "i forgot my password feature" and guessed your secret question or gained access to your email where your temp password was sent.

AliExpress

Shop now on AliExpress (affiliate link).

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#444807 2-Mar-2011 14:50

Calm down everyone?

To the OP... What kind of site was hosted? What kind of platform (blog with Wordpress, forums with specific bulletin board version)?

The first few answers are quite right... Unless there was a breach directly on the servers, most common defacements are due to unsecure software installations. It happens all the time, when there are known vulnerabilities and the site owner doesn't keep the scripts updated.

Without knowing details it's hard to say it's a hosting provider's fault, or the site owners negligence... Could you please tell us more (how it was done, when, etc)?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

babye

3 posts

Wannabe Geek

#444835 2-Mar-2011 15:56

Same problem. WordPress site hosted at Orcon, via Kiwi Web Host. index.php hacked.

Just waiting for Orcon to restore the site.

You might be able to see the hacked page: http://www.boutereys.co.nz/wp-content/

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#444836 2-Mar-2011 16:04

To all of you I suggest you keep constant watch and update your WordPress pages as new updates come out.

Also make sure you don't use some free themes. There are some dodgy things around and you should read more here.

You should also always make backups of your blogs/sites. There are many Wordpress plugins for that.

At the end of the day you should make sure all your stuff are protected - don't rely on your hosting provider. Even if they make backups, do your own as well.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

redjet

299 posts

Ultimate Geek
+1 received by user: 1

#444844 2-Mar-2011 16:20

babye: Same problem. WordPress site hosted at Orcon, via Kiwi Web Host. index.php hacked.

Just waiting for Orcon to restore the site.

You might be able to see the hacked page: http://www.boutereys.co.nz/wp-content/

There are a few things you can do to avoid being hacked if you are using WordPress. There are several good plugins that can help you tighten up the security. I noticed that your WP login page isn't protected therefore it's possible that a brute force attack maybe have discovered your password. Also your WordPress version is displayable when viewing the page source - this is a big help to hackers. Finally your version of WordPress is more than 2 years old - you really should be keeping it up to date.

Here are the first five things that I'd do if I were you:

1. Upgrade to the latest version of WordPress

2. Backup all files and databases on a regular basis

3. Install a plugin like WP DB Backup which can email you scheduled WordPress database backups

4. Install a plugin like Login Lockdown to help precent brute force attacks

5. Install a plugin like WP Security Scan (or something similar) to check your server security settings

PM me if you need any help.

Red Jet Web Services
- Affordable websites for small businesses
- Google Email setup and Migrations

1 | 2 | 3 | 4