My Website has been Hacked by Black Jaguar... Help?
Asked
Active
Viewed 2,305 times
3
-
15Unfortunately this situation is so common we now have a slogan for such questions: "Nuke it from orbit, and restore from backup; it's the only way to be sure" – Chris S Sep 10 '10 at 14:11
-
possible duplicate of My server's been hacked EMERGENCY – Tom O'Connor Apr 17 '12 at 14:50
1 Answers
44
Take it down now and assume all data has been compromised. Restore from a known-good backup; if you have been storing sensitive/private data, assume the hacker also has them; respond accordingly.
If your site was hacked through a vulnerability in your code, you may want to close that before you put it back online - else it will get hacked again and again.
-
1
-
5
-
Fortunately it was a website I was just using to test scripts and things so there's no sensitive data. I'll start removing everything piece by piece tonight. – Dan Hanly Sep 10 '10 at 13:54
-
3Also, check the log files to find the hacker's point of entry (if you can) and fix it. – Chris Nava Sep 10 '10 at 14:22
-
1looking at the automated script-kiddie like results from a quick google search of the hacker, i'd stick my neck out and say it'll be an automated SQL injection. did your site use sql at all, or any large sql based projects (which were out of date maybe?) ? – Sirex Sep 10 '10 at 14:26
-
@Sirex yeah it was a Joomla powered site. I thought joomla had enough security to block SQL injection... – Dan Hanly Sep 14 '10 at 15:49
-
What I want to know is, has this affected the server? It's paid hosting, not VPN or anything like that, so should I notify my hosting provider? – Dan Hanly Sep 14 '10 at 15:50
-
1Yea, id give them a heads up. They should be able to wipe the slate clean and give you a decent idea that the new platform is secure. you need to assume they gained root access to the system. was joomla, sqp server etc all up to date at the time ? – Sirex Sep 15 '10 at 07:03