URGENT !!! Someone hacked into the site and edited my php files !!!! 😥😥😥😥😥😥😥😥😨😨😱

@admin i need your urgent help...
someone got into my root files and edited some php files...😭😭😭
thanks to my backup habit ,the site is still online and running ...
i use cloudflare's services too...
How am i supposed to stop this future...
i am quite worried now!!!!!!!


Comments

  • @Rikhi55 said:
    @admin i need your urgent help...
    someone got into my root files and edited some php files...😭😭😭
    thanks to my backup habit ,the site is still online and running ...
    i use cloudflare's services too...
    How am i supposed to stop this future...
    i am quite worried now!!!!!!!

    Change your password quick!

  • @Rikhi55 said:
    @admin i need your urgent help...
    someone got into my root files and edited some php files...😭😭😭
    thanks to my backup habit ,the site is still online and running ...
    i use cloudflare's services too...
    How am i supposed to stop this future...
    i am quite worried now!!!!!!!

    Change your password from Client Area AND from the panel (you can also do that via Client area)
    Also, make sure that there is no malicious code in any of the files.



    A bit offtopic, but what did the hacker actually change if you don't mind?
  • @ChrisPAR said:

    @Rikhi55 said:
    @admin i need your urgent help...
    someone got into my root files and edited some php files...😭😭😭
    thanks to my backup habit ,the site is still online and running ...
    i use cloudflare's services too...
    How am i supposed to stop this future...
    i am quite worried now!!!!!!!

    Change your password from Client Area AND from the panel (you can also do that via Client area)
    Also, make sure that there is no malicious code in any of the files.



    A bit offtopic, but what did the hacker actually change if you don't mind?

    @ChrisPAR my index.php file!!!! they displayed some text ....
    and i think they got access to it from outside!!!
    i doubt that they had access to my hosting's password cause they would have then edited/damaged it completely not just my index.php and 3 more php files that were in htdocs folder i.e. they either failed or didn't have access to my inner core files, nor did they delete any inner core file....
    😩😩😩😩😩😩😩😩😩😩😩😩😩

  • btw i have changed my password...but still as i mentioned my doubt i fear the attack again!!! 😓

  • @Rikhi55 said:

    @ChrisPAR said:

    @Rikhi55 said:
    @admin i need your urgent help...
    someone got into my root files and edited some php files...😭😭😭
    thanks to my backup habit ,the site is still online and running ...
    i use cloudflare's services too...
    How am i supposed to stop this future...
    i am quite worried now!!!!!!!

    Change your password from Client Area AND from the panel (you can also do that via Client area)
    Also, make sure that there is no malicious code in any of the files.



    A bit offtopic, but what did the hacker actually change if you don't mind?

    @ChrisPAR my index.php file!!!! they displayed some text ....
    and i think they got access to it from outside!!!
    i doubt that they had access to my hosting's password cause they would have then edited/damaged it completely not just my index.php and 3 more php files that were in htdocs folder i.e. they either failed or didn't have access to my inner core files, nor did they delete any inner core file....
    😩😩😩😩😩😩😩😩😩😩😩😩😩

    What text? Which team was it?
    Have you checked your code for vulnerabilities?

    @Rikhi55 said:
    btw i have changed my password...but still as i mentioned my doubt i fear the attack again!!! 😓

    Do not fear, if you have changed password and your files have no known vulnerability there will be no problem.


    Btw, maybe the hackers were Team_CC?

  • What text? Which team was it?

    they didn't mention!!

    Have you checked your code for vulnerabilities?

    that would be tough !!
    but how did they edit my php file???
    they didn't touch html ????
    why???

    @Rikhi55 said:
    btw i have changed my password...but still as i mentioned my doubt i fear the attack again!!! 😓

    Do not fear, if you have changed password and your files have no known vulnerability there will be no problem.

    I hope so....

    Btw, maybe the hackers were Team_CC?

    whoever they are should mind their own business i was so disappointed ,by chance i had the codes backed up in my pen drive otherwise i would have been in a great trouble!!

  • If your website gets hacked, they could be using one of three points of entry:

    • Your client area account.
    • Your hosting account.
    • Your website's code.

    Changing both your client area password and hosting account passwords never hurts. And assuming your email account has not been compromised, it should safely eradicate issues #1 and #2.

    Issue #3 is a bit harder to solve. Outdated, poorly written or pirated software often contains security problems or backdoors, making your website easy prey for hackers. If you suspect any software of your site falls into that category, it would be a good idea to remove it from your account.

    However, it's important to note that all these measures work preventatively. Since your account has already been hacked, you need to take more drastic measures.

    Since attackers have already been inside your website, they may have left a backdoor in it to easily access your account again later. That's why, ideally, you should rebuild your account. Take a backup of all the files currently in there, and then upload fresh copies of all software, plugins and themes you used on your website. After that, you can transfer any website specific files back from the backup (like user uploads), but make sure to take a good look at what you upload so you don't upload any suspicious files.

    @Rikhi55 said:

    Have you checked your code for vulnerabilities?

    that would be tough !!
    but how did they edit my php file???
    they didn't touch html ????
    why???

    It's tough, but it's necessary if you want to make sure your website will not get hacked again.

    It's possible the hackers edited files through FTP or a file manager, or by being able to execute PHP code on your account. If they can freely execute PHP code, they can also modify any file on the account, including other PHP files.

    But of course, the fact that they can edit literally any file in your website doesn't mean they always do.
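
Added example, not part of the original post and not InfinityFree's tooling: one way to "take a good look" before transferring files back is to hash a downloaded copy of `htdocs` against the trusted backup and list what was modified or added. The directory layout and file names in `demo_compare` are constructed sample data.

```python
import hashlib
import os
import tempfile

def sha256_tree(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(known_good, suspect):
    """Report what differs in `suspect` relative to the trusted backup."""
    good, live = sha256_tree(known_good), sha256_tree(suspect)
    added = sorted(p for p in live if p not in good)
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "added": added,
        "removed": sorted(p for p in good if p not in live),
        # Review first: server-side scripts that were never part of the site.
        "added_php": [p for p in added if p.lower().endswith((".php", ".phtml"))],
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo_compare():
    """Constructed sample: a clean backup and a tampered download of htdocs."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "htdocs")
        for root in (backup, live):
            _write(root, "index.php", "<?php echo 'home';")
            _write(root, "css/site.css", "body{margin:0}")
        _write(live, "index.php", "<?php echo 'changed';")       # edited file
        _write(live, "uploads/thumb.php", "<?php /* unknown */")  # new script
        _write(live, "uploads/photo.txt", "user upload")          # new data file
        return compare_trees(backup, live)

if __name__ == "__main__":
    for kind, paths in demo_compare().items():
        print(kind, paths)
```

Point `compare_trees` at the backup folder and at a fresh FTP download of the account; anything under `added_php` inside an upload directory should be inspected before it goes back online.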

  • admin what you wrote would be a good template for the knowledge base article :smile:

    I would add another reason
    Infected computer/device - some malware steals FTP logins
    and simply send login information to "creator" via C&C server
    so make sure to scan your computer for viruses regularly.

    Do not use a suspicious/unprotected/free wifi point,
    school computers and any other devices you don't have full control over it

  • It's possible the hackers edited files through FTP or a file manager, or by being able to execute PHP code on your account. If they can freely execute PHP code, they can also modify any file on the account, including other PHP files.

    access via FTP seems to be an alarming reason to me.....

  • you can view access and error logs (from client area) and searching for something suspicious like weird URLs, etc. and the IP address that requested it

    for serious digging you need a server administrator
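
Added example, not part of the original post: a small triage pass over a downloaded access log that groups, by requesting IP, every request for a PHP script that is not part of the site. It assumes the Apache "combined" log format; the sample lines, IP addresses and script names are constructed.

```python
import re
from collections import defaultdict

# Assumption: Apache "combined" log format; the host's real format may differ.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jul/2018:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Jul/2018:10:04:40 +0000] "POST /uploads/thumb.php HTTP/1.1" 200 17 "-" "curl/7.58.0"',
    '198.51.100.23 - - [08/Jul/2018:10:04:55 +0000] "GET /uploads/thumb.php?x=1 HTTP/1.1" 200 17 "-" "curl/7.58.0"',
    '203.0.113.7 - - [08/Jul/2018:10:06:02 +0000] "POST /contact.php HTTP/1.1" 200 880 "-" "Mozilla/5.0"',
    'truncated line without the expected fields',
]
# Scripts that belong to the site, e.g. the *.php paths present in your backup.
KNOWN_SCRIPTS = {"/index.php", "/contact.php"}

def triage(lines, known_scripts):
    """Group requests for PHP scripts that are not part of the site by client IP."""
    hits, unparsed = defaultdict(list), 0
    for line in lines:
        m = LINE.match(line)
        if m is None:
            unparsed += 1  # count them: odd or truncated lines deserve a look too
            continue
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if path.lower().endswith(".php") and path not in known_scripts:
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("method"), path, m.group("status")))
    return dict(hits), unparsed

def demo_triage():
    return triage(SAMPLE_LOG, KNOWN_SCRIPTS)

if __name__ == "__main__":
    hits, unparsed = demo_triage()
    for ip, reqs in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(ip, len(reqs), "request(s) to unknown scripts")
        for req in reqs:
            print("   ", *req)
    print("unparsed lines:", unparsed)
```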

  • edited July 9

    Never use ftp without SSL, it's highly vulnerable.
    I recommend turning on ftp-SSL (if supported)

    SSL is encryption between your ftp client & the server; anyone who is eavesdropping would just see a jumble of nonsense.

    Run an anti-malware scan on your machine, change the password for client & hosting. Also, if this isn't the first time, try resetting your router to clear any malicious code running due to a recent vulnerability, and update its firmware if possible.

    If using so called "Free Wi-fi" Don't use plain text over ftp.

    Hope this helps :)

  • @Lanturn said:
    Never use ftp without SSL, it's highly vulnerable.
    I recommend turning on ftp-SSL (if supported)

    SSL is encryption between your ftp client & the server; anyone who is eavesdropping would just see a jumble of nonsense.

    Run an anti-malware scan on your machine, change the password for client & hosting. Also, if this isn't the first time, try resetting your router to clear any malicious code running due to a recent vulnerability, and update its firmware if possible.

    If using so called "Free Wi-fi" Don't use plain text over ftp.

    Hope this helps :)

    Yes, it's true.
    You can use webftp.phpwebhosting.com and check the SSL option and ftp.epizy.com is supported with SSL and will connect through FTP with SSL and now it's not FTP anymore but is FTPS (File Transfer Protocol Secure).

  • @UnknownLolz said:

    @Lanturn said:
    Never use ftp without SSL, it's highly vulnerable.
    I recommend turning on ftp-SSL (if supported)

    SSL is encryption between your ftp client & the server; anyone who is eavesdropping would just see a jumble of nonsense.

    Run an anti-malware scan on your machine, change the password for client & hosting. Also, if this isn't the first time, try resetting your router to clear any malicious code running due to a recent vulnerability, and update its firmware if possible.

    If using so called "Free Wi-fi" Don't use plain text over ftp.

    Hope this helps :)

    Yes, it's true.
    You can use webftp.phpwebhosting.com and check the SSL option and ftp.epizy.com is supported with SSL and will connect through FTP with SSL and now it's not FTP anymore but is FTPS (File Transfer Protocol Secure).

    If you're worried about people getting access to your FTP credentials, then you definitely should not use just any FTP client you found online.

    If you use our file managers and FTP software on your computer, you know that only you and InfinityFree can access your account. On some random website, you don't know whether the website owner stores and shares your FTP credentials.

    FileZilla uses TLS (SSL) by default and so do our file managers. No need to enter your FTP credentials anywhere else.

    @OxyDac said:
    admin what you wrote would be a good template for the knowledge base article :smile:

    I would add another reason
    Infected computer/device - some malware steals FTP logins
    and simply send login information to "creator" via C&C server
    so make sure to scan your computer for viruses regularly.

    Do not use a suspicious/unprotected/free wifi point,
    school computers and any other devices you don't have full control over it

    This is not exactly a frequently asked question, but you're right, it would be a good idea to write this down so everyone can use it.

    And you're right on the infected device as well. If your computer is infected with malware, you left your login details on a shared computer or someone is listening in on your network connection, that's also a good way to get your account compromised.

  • edited July 11

    Everything seems good now and thank you all for sharing your valuable suggestions ....

    It's good that @Rikhi55 does not owe money to this guy :smiley:
    https://thehackernews.com/2018/07/web-hosting-server-hack.html

    That is one hell of a way to use your talent !!!
    😂😂😂😂😂😂😂😂😂😂
    Btw it would have been better if he contacted authorities first,but there are always many situations/conditions...

  • edited July 11

    @OxyDac said:
    you can view access and error logs (from client area) and searching for something suspicious like weird URLs, etc. and the IP address that requested it

    for serious digging you need a server administrator

    @OxyDac i am unable to select day of access logs in cpanel !!

  • Are you using Webspell by any chance?

  • @Rikhi55 use an FTP client and download both folders and open files with notepad or some other text editor

  • I forgot to say if logs files are not erased

  • @Kalle801 said:
    Are you using Webspell by any chance?

    nope!!

  • @OxyDac said:
    @Rikhi55 use an FTP client and download both folders and open files with notepad or some other text editor

    thanks again but there it shows only error logs...there are no access logs there ???

  • @Rikhi55 said:

    @OxyDac said:
    @Rikhi55 use an FTP client and download both folders and open files with notepad or some other text editor

    thanks again but there it shows only error logs...there are no access logs there ???

    It is in Control Panel, in metrics section..

  • edited July 12

    I think there are only two reasons for that
    no one visited your website (a bit unbelievable because it should register at least your visit)

    another reason... I am an old user and for such it is known that logs can be stuck
    I even made a new acc two months ago and it's also stuck
    the last thing I seen in new acc logs is half of 6. month

    it is possible that in your case it is also stuck

    P.S. I apologize for the allegation that maybe the "intruder" has deleted the logs
    sometimes in the past it was possible but now I see that a new permission mode has been put in place that prevents it (what I see on my acc and I do not know how it is with new users )

  • @ChrisPAR I have the same problem as Rikhi55
    empty dropdown field there
    maybe it's a browser .. I did not test it

  • It's not a browser, it behaves the same to me (now that I tested it)
    I will create a support ticket and see.

  • edited July 13

    @ChrisPAR said:

    It's not a browser, it behaves the same to me (now that I tested it)
    I will create a support ticket and see.

    request a check for both logs..
    both error and access logs have same issue !!!

  • edited July 13

    @Rikhi55 said:

    @ChrisPAR said:

    It's not a browser, it behaves the same to me (now that I tested it)
    I will create a support ticket and see.

    request a check for both logs..
    both error and access logs have same issue !!!

    Official Statement/Reply:

    Hi there,

    You are correct, these have been disabled by admins recently due to issues with storage allocation.

    Please let us know if there is anything further we can do for you.

    Best Regards

    =============================================================

    iFastNet - Proud winners of the TMT Telecom 2017 "Best Premium Hosting" award.

    =============================================================

    As a CloudFlare optimized partner, you can now in a single click enable CloudFlare with FREE Railgun. This free option is available to all of our premium hosting clients! Read more here: http://blog.ifastnet.com
    Railgun usually costs $200.00 per month however it is completely free forever with our premium hosting!

    =============================================================

  • @ChrisPAR

    Hi there,

    You are correct, these have been disabled by admins recently due to issues with storage allocation.

    Please let us know if there is anything further we can do for you.

    Best Regards

    Ok!!!
    Hoping that this issue get resolved soon!!

  • omg ! if they disabled it
    is it so hard to write there "currently disabled" ?! instead of leaving it so,
    and we have to wonder why it does not work

    btw. @ChrisPAR thank you for your time :wink:
