Website Hack

[ddombadoh]

Hello All,

I have recently been attacked by hackers on my website. I can't seem to know the point of entry. The main index.php file was completely replaced by another, containing malicious code. My admin password was also replaced and my email was changed, all in the database. The most frequently attacked is the media folder, where some strange files have been placed. I also have the index.php page in admin directly replaced. Please help, as this is becoming a nightmare for me. I have to keep on checking on the site and replacing files that have been hacked. Any help will be greatly appreciated.

Thank you.

[DarkViper]

First the much important steps:

• change the password of your webspace admintool and your FTP account also
• change the password of your WB-admin account
• check the rights of all other WB-users and restrict their rights to a absolute minimum
• clean up your installation / webspace
• if your site still becomes defaced anyway, contact your hosting provider

these are the first steps only, if it does not help, response please.

Important: use secure passwords only! At least 8 chars (mixed upper- lowercase, numbers, special chars). Never use words which can be found in any dictionary or some names, birthday, and so on..)

[Bramus]

as we dont know what version you are running of the CMS, but keep in mind there was a vulnerability in the SQL Backup module (you can find it through the admin settings). You might want to remove that module as well.

Further on also change you MySQL password, FTP and all other passwords you were using in the environment as mentioned above.

[ddombadoh]

Thank you all. I have implemented all the above measures and now observing to see any improvements. Thank you all once again. I will definitely return if there is a hack again.

Thank you.

[BlackBird]

You may install dbWatch... uhm wait, what's the name... dbWatchSite. http://phpmanufaktur.de/cms/downloads.php