|
ronsmith00123
|
 |
« on: August 09, 2012, 07:25:28 AM » |
|
X-line hacked my personal webpage. Lead me in order to fix it up. Regards
hxxp://weddingsvermont.com
|
|
|
|
« Last Edit: August 12, 2012, 10:33:01 AM by don »
|
Logged
|
|
|
|
|
Jamie.R
|
|
« Reply #1 on: August 09, 2012, 07:57:35 AM » |
|
Do you have any sort of backup ? I think the first step would be trying to work out how they done it as if you just reupload your site they will do it again.
It looks like you are running wordpress did you keep it upto date ?
Have you tried to run tools like wp-scan to identify any issue on your site before it got hacked?
Do you even have access to the site any more ?
|
|
|
|
|
Logged
|
OSWP | Hackingdojo Nidan | eCPPT
|
|
|
|
shadowzero
|
|
« Reply #2 on: August 09, 2012, 08:03:01 AM » |
|
Pretty sure you posted a the same question here before. You were advised to upgrade your WordPress installation and plugins.
|
|
|
|
|
Logged
|
|
|
|
|
Andrew Waite
|
|
« Reply #3 on: August 09, 2012, 08:31:28 AM » |
|
I'd suggest contacting your hosting provider for further assistance(*). They should be in the best position to assist you with recovering the site quickly and efficiently.
Once this is done, you'll need (unless you want a re-occurance) to find the hole and fix it. Updating as suggested 'may' be sufficient; but again, you hosting provider(*) should be able to assist in identification of the successful attack vector.
And judging from the defacement page message, I'd possibly also suggest not annoying the less trustworthy denizens of the 'net.
N.B. (*), depending on service contract, additional assistance in this matter may chargeable etc.
|
|
|
|
|
Logged
|
|
|
|
|
Jamie.R
|
|
« Reply #4 on: August 09, 2012, 08:54:52 AM » |
|
Yah it might be worth letting them know as other website maybe affected.
|
|
|
|
|
Logged
|
OSWP | Hackingdojo Nidan | eCPPT
|
|
|
|
ziggy_567
|
|
« Reply #5 on: August 09, 2012, 09:39:26 AM » |
|
I think it should also be pointed out that you misspelled "Vermont" in the copyright line at the bottom of the page. (Unless that was part of the defacement as well, but I don't think it was.)
|
|
|
|
|
Logged
|
--
Ziggy
eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
|
|
|
|
tturner
|
|
« Reply #6 on: August 09, 2012, 09:43:41 AM » |
|
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.  |
|
|
|
|
Logged
|
Certifications: CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP WIP: OSWP, GSSP-JAVA, GXPN Udacity on hold, again. I suck. http://sentinel24.com/blog @tonylturner http://bsidesorlando.org |
|
|
|
shadowzero
|
|
« Reply #7 on: August 09, 2012, 10:04:22 AM » |
|
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it. I too suffer from a healthy dose of paranoia caution. I used netcat to view it.  |
|
|
|
|
Logged
|
|
|
|
|
Andrew Waite
|
|
« Reply #8 on: August 09, 2012, 02:45:47 PM » |
|
Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it. Throwaway VM snapshot via Tor |
|
|
|
|
Logged
|
|
|
|
|
Jamie.R
|
|
« Reply #9 on: August 09, 2012, 03:07:06 PM » |
|
Yah really good point always use protection  When viewing sites that have been hacked!! |
|
|
|
|
Logged
|
OSWP | Hackingdojo Nidan | eCPPT
|
|
|
|
