#1
  1. No Profile Picture
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2002
    Location
    earth
    Posts
    364
    Rep Power
    13

    HELP, we're hacked


    pls. go here http://digidogstudios.com/

    can u see it, it was defaced, i deleted the index.php, index.html and still i can see that page. im not hosting this site, we're just hosted it on a webhost and still they cant figure it out so i want to help them cuz we are the one who will gain if it was fixed. hope somebody will help us. thanks.
    ...
  2. #2
  3. 11
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jul 2001
    Location
    Lynn, MA
    Posts
    4,635
    Rep Power
    82
    Well, it was fixed, apparently.

    What happened? If you or your host can't answer that question, you better start working hard to figure it out, otherwise you're living on borrowed time- you WILL get hacked again.
  4. #3
  5. No Profile Picture
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2002
    Location
    earth
    Posts
    364
    Rep Power
    13
    btw, thanks for this reply, it was fixed, i will tell you how it was done. in my main.php, there is an include file <? include ("file.php"); ?> then the hacker overwrote that file ("file.php") and upload it to the server that's why it was defaced cuz that file contaains some crap HTML's. My question i got in my mind is how the hacker upload his own version of file.php and overwrote the file of ours there. thanks again
    ...
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    i looked into your html source code some days ago. the hacker left an email address for your admin to ask him how he did that if he canīt find out himself... did you / he try?
  8. #5
  9. 11
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jul 2001
    Location
    Lynn, MA
    Posts
    4,635
    Rep Power
    82
    If you don't know how it was overwritten, then you are doomed to be hacked again.

    Examine your web server log files carefully- assuming this was a remote attack and the cracker didn't blow away the logs, you should have a pretty clear record of what happened there.

IMN logo majestic logo threadwatch logo seochat tools logo