Just a follow-up . . .
Despite repeated trouble tickets to my web host (MySiteSpace.com), my site was hacked daily for a week. The first trouble tickets resulted in stupid responses -- "change your access password" (I did several times, but the problem was on their end, not mine), "we're installing new security software, give it a day" (I did; one week later I was still getting hacked), etc. Finally my tickets were just ignored.
Special thanks to ScottC, who pm'd me with a recommendation for a reliable web host -- I switched last night. The new host (Dreamhost.com -- why not give them a plug?) appears to be secure, reliable, faster and gives me more storage for just a little more money than those morons at MySiteSpace.
A couple of cautions if you have a website:
- ALWAYS keep a clean copy of every file on the site. I do that, which made repairing the hacked site and moving my web site to the new web host very easy -- I just ftp'd everything back up and was up and running in the amount of time it took to complete the file transfers (about an hour).
- I had downloaded the hacked index page to take a look at it in FrontPage. Then I did something very, very, very stupid. I opened the page in my web browser to see what it looked like. Perhaps because it was a local file, none of my anti-malware or anti-virus software kicked in. It contained JavaScript that, I'm pretty sure, installed a rootkit virus; at any rate, I started experiencing serious slowdowns and crashes on my machine. I spent the better part of yesterday getting the damn thing out. Microsoft has links to some tools that help -- one is a program that tries to detect files and links hidden from the Windows API, i.e. rootkits. It found some suspicious code and links hidden in the registry. The other was a cleaner that removes registry entries that contain nulls (also used to hide rootkits). Fortunately for me, the executable virus code was hidden in subfolders under temp directories so I simply removed the entire temp directory (and lost a bunch of cookies that I wanted to keep in the process, e.g. passwords, etc.), removed the null entries from the registry, removed entire key sections from the registry that I decided didn't belong, and rebooted. Everything seems back to normal, but this kind of open-registry surgery and wholesale deletion of system subfolders is not for the faint of heart, and I wouldn't recommend doing it unless you have a pretty good idea of how the OS works. At any rate, I digress -- hacking websites is serious business. If yours gets hacked DO NOT play with the hacked page unless you know EXACTLY what you are doing. Most of the time, the hacks are innocuous -- links inserted to boost their Google scores. Sometimes, however, they're not.
- Don't pick a webhost based solely on price. If I wasn't reasonably organized on my end, I could have lost website content that's taken me years to develop.
- You can trust ScottC's recommendations!
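
Added example, not part of the original post: one way to look at a defaced page without opening it in a browser is to parse it as plain text and list the script, iframe and link elements that are absent from the clean copy. The function names and both sample pages below are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements worth reviewing in a defaced page; the page is parsed as text, never rendered.
WATCHED = {"script", "iframe", "a", "object", "embed"}

class TagCollector(HTMLParser):
    """Records watched tags as [tag, sorted attributes, inline script text]."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = []
        self._open = None  # index of the <script> whose body is being read

    def handle_starttag(self, tag, attrs):
        if tag in WATCHED:
            self.items.append([tag, tuple(sorted((k, v or "") for k, v in attrs)), ""])
            self._open = len(self.items) - 1 if tag == "script" else None

    def handle_data(self, data):
        if self._open is not None:
            self.items[self._open][2] += data.strip()

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = None

def collect(html_text):
    parser = TagCollector()
    parser.feed(html_text)
    parser.close()
    return [tuple(item) for item in parser.items]

def injected_elements(clean_html, suspect_html):
    """Return watched elements present in the suspect page but not in the clean copy."""
    known = set(collect(clean_html))
    return [item for item in collect(suspect_html) if item not in known]

def compare_files(clean_path, suspect_path):
    """Same comparison for two files on disk, read as text only."""
    with open(clean_path, encoding="utf-8", errors="replace") as f:
        clean = f.read()
    with open(suspect_path, encoding="utf-8", errors="replace") as f:
        suspect = f.read()
    return injected_elements(clean, suspect)

# Constructed sample pages (not taken from the incident described above).
CLEAN_SAMPLE = '<html><body><script src="menu.js"></script><a href="about.html">About</a></body></html>'
HACKED_SAMPLE = ('<html><body><script src="menu.js"></script><a href="about.html">About</a>'
                 '<script>/* constructed placeholder for injected code */</script>'
                 '<a href="http://spam.example/" style="display:none">x</a></body></html>')

if __name__ == "__main__":
    for tag, attrs, body in injected_elements(CLEAN_SAMPLE, HACKED_SAMPLE):
        print(tag, dict(attrs), repr(body[:80]))
```
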