HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Incident Responsearrow blog hacked. so , what to do?
EH-Net
May 22, 2013, 12:27:57 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: blog hacked. so , what to do?  (Read 13993 times)
0 Members and 1 Guest are viewing this topic.
ronsmith00123
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: August 09, 2012, 07:25:28 AM »
X-line hacked my personal webpage. Lead me in order to fix it up. Regards
hxxp://weddingsvermont.com
« Last Edit: August 12, 2012, 10:33:01 AM by don » Logged
Jamie.R
Sr. Member
****
Offline Offline

Posts: 429


View Profile
« Reply #1 on: August 09, 2012, 07:57:35 AM »
Do you have any sort of backup ? I think the first step would be trying to work out how they done it as if you just reupload your site they will do it again.

It looks like you are running wordpress did you keep it upto date ?
Have you tried to run tools like wp-scan to identify any issue on your site before it got hacked?

Do you even have access to the site any more ?
Logged
OSWP | Hackingdojo Nidan | eCPPT
shadowzero
Full Member
***
Offline Offline

Posts: 120


It's a UNIX system, I know this!


View Profile
« Reply #2 on: August 09, 2012, 08:03:01 AM »
Pretty sure you posted a the same question here before. You were advised to upgrade your WordPress installation and plugins.
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #3 on: August 09, 2012, 08:31:28 AM »
I'd suggest contacting your hosting provider for further assistance(*). They should be in the best position to assist you with recovering the site quickly and efficiently.

Once this is done, you'll need (unless you want a re-occurance) to find the hole and fix it. Updating as suggested 'may' be sufficient; but again, you hosting provider(*) should be able to assist in identification of the successful attack vector.

And judging from the defacement page message, I'd possibly also suggest not annoying the less trustworthy denizens of the 'net.

N.B. (*), depending on service contract, additional assistance in this matter may chargeable etc.
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
Jamie.R
Sr. Member
****
Offline Offline

Posts: 429


View Profile
« Reply #4 on: August 09, 2012, 08:54:52 AM »
Yah it might be worth letting them know as other website maybe affected.
Logged
OSWP | Hackingdojo Nidan | eCPPT
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #5 on: August 09, 2012, 09:39:26 AM »
I think it should also be pointed out that you misspelled "Vermont" in the copyright line at the bottom of the page. (Unless that was part of the defacement as well, but I don't think it was.)
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #6 on: August 09, 2012, 09:43:41 AM »
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

 Grin
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
shadowzero
Full Member
***
Offline Offline

Posts: 120


It's a UNIX system, I know this!


View Profile
« Reply #7 on: August 09, 2012, 10:04:22 AM »
Quote from: tturner on August 09, 2012, 09:43:41 AM
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

 Grin

I too suffer from a healthy dose of paranoia caution. I used netcat to view it. Smiley
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #8 on: August 09, 2012, 02:45:47 PM »
Quote from: tturner on August 09, 2012, 09:43:41 AM
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

 Grin
Throwaway VM snapshot via Tor Smiley
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
Jamie.R
Sr. Member
****
Offline Offline

Posts: 429


View Profile
« Reply #9 on: August 09, 2012, 03:07:06 PM »
Yah really good point always use protection Tongue

When viewing sites that have been hacked!!
Logged
OSWP | Hackingdojo Nidan | eCPPT
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.096 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.