We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

site got hacked!!!! index.php changed automatically | Forum

Ash
Ash Jul 31 '20
Hello freinds


this is an emergency.... someone hacked my site and entire index.php file got changed...and got repalced by a porn site


is it possible or someone logged in and did it intentionally???


its so un-fare and so fuking wrong, i am terribly upset.. 


plssss plsss guide me how to secure my oxwall site... i never anything wrong with anyone

The Forum post is edited by Ash Jul 31 '20
Marcus
Marcus Jul 31 '20
have u recently added some custom php code or installed custom plugin? 
Marcus
Marcus Jul 31 '20
whats ur hosting 
Senior Developer Leader
Senior Developer Jul 31 '20
I can help to fix it, we need more info to know how did they do it to prevent this from happening again. This need a deep inspection, if you want I can take a look at your server to see if I can find out how did they do it.


4 years ago I got hacked because I installed WordPress and there was a zero day vulnerability, which caused that an automated hacker-bot replaced all my index files adding extra code for redirection to a porn website. This bot scanned all the internet and did the same to hundreds of thousands of websites.


Is your website in a shared hosting, VPS or dedicated? Do you have any other web software or CMS installed? What was the last plugin that you did install on it and when? Are you using Oxwall or Skadate?


Senior Developer.

dave Leader
dave Jul 31 '20

Thanks everyone, he sent me a PM but i was not here..


Ash, first of all relax and breathe,  you will make mistakes if you are too emotional when trying to fix things... relax and we will help you get your site back....


I think he has a dedi and is running cPanel and WHM.   He might want to go ahead and run the virus scanner that comes with cPanel at some point to check the files and the environment.


It may be easy to fix, maybe they just replaced one file, the index...   However the challenge is learning how they did so by checking the logs. 


You are in good hands with Chris_W and SD ash... best of luck... :)

The Forum post is edited by dave Jul 31 '20
dave Leader
dave Jul 31 '20
Topic was moved from General Questions.
Ash
Ash Jul 31 '20

Quote from Marcus have u recently added some custom php code or installed custom plugin? 
I have quite few plugins but i checked all of them deactivating, and none of the one were the reason, also i have stoped using stale old plugins and only using best rated plugins of good developers like Dave, Sr.Developer, Patricia, ArtMedia etc (those who are active in forum and seems genuine)
The Forum post is edited by Ash Jul 31 '20
Ash
Ash Jul 31 '20

Quote from Chris_W I had a similar problem a couple of years ago. A rogue employee at the hosting had edited the .htaccess file to redirect to another domain. That would mean he could alter anything else as well.


There are only three ways I know of to change which site opens, the one mentioned above, and someone getting hold of your hosting admin/ftp username and password, and as you said replace some or all of the files. Another way is to access your Oxwall admin and add an html redirect in the custom head code box.


The index.php isn't unique to your site, just put the original one back via ftp. Also check the file date/time on the .htaccess file to make sure it is the original edit.

Yes this is what i did, i took the original file from gethub and replaced it to solve it
Ash
Ash Jul 31 '20

Quote from Senior Developer I can help to fix it, we need more info to know how did they do it to prevent this from happening again. This need a deep inspection, if you want I can take a look at your server to see if I can find out how did they do it.


4 years ago I got hacked because I installed WordPress and there was a zero day vulnerability, which caused that an automated hacker-bot replaced all my index files adding extra code for redirection to a porn website. This bot scanned all the internet and did the same to hundreds of thousands of websites.


Is your website in a shared hosting, VPS or dedicated? Do you have any other web software or CMS installed? What was the last plugin that you did install on it and when? Are you using Oxwall or Skadate?


Senior Developer.

I am using shared hosting of fastcomet sir and installed oxwall from softaculous
Ash
Ash Jul 31 '20

Quote from dave

Thanks everyone, he sent me a PM but i was not here..


Ash, first of all relax and breathe,  you will make mistakes if you are too emotional when trying to fix things... relax and we will help you get your site back....


I think he has a dedi and is running cPanel and WHM.   He might want to go ahead and run the virus scanner that comes with cPanel at some point to check the files and the environment.


It may be easy to fix, maybe they just replaced one file, the index...   However the challenge is learning how they did so by checking the logs. 


You are in good hands with Chris_W and SD ash... best of luck... :)

Sir this site is not on dedi the one as you know. Yes i will try to take their help Chris and SD, as of now just removing all the extra theme and plugins which are of aron which i bought and also getting a site scan running by hosting guys
dave Leader
dave Jul 31 '20

If you indeed got hacked, i would change all your passwords immediately, cpanel, whm, root, ssh, ftp.  I believe with cPanel if you change your main password the others are changed automatically, but i could be wrong.


Also change your ssh port to a non standard port in case they are getting in via ssh, use a port number between 1024 and 32,767


I usually use this as a guide and just pick one that i feel is not used that often...


https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers


just remember to change your login to use that new port number...


The Forum post is edited by dave Jul 31 '20
dave Leader
dave Jul 31 '20
ash i thought you were running a dedicated server, how are you doing all those huge projects on a shared server?
dave Leader
dave Jul 31 '20

 Oh ok...


Well thats one of  your problems right there, using arons old plugins, they are very insecure.

The Forum post is edited by dave Jul 31 '20
Ash
Ash Jul 31 '20

Quote from dave ash i thought you were running a dedicated server, how are you doing all those huge projects on a shared server?
Sir i show unlimited times demos to client till they are satisfied limited to 100users on shared then shift them on dedicated.
Ash
Ash Jul 31 '20

Quote from dave

If you indeed got hacked, i would change all your passwords immediately, cpanel, whm, root, mysql, ssh, ftp.  I believe with cPanel if you change your main password the others are changed automatically, but i could be wrong.  Of course SSH and FTP have to be changed manually.


Also change your ssh port to a non standard port in case they are getting in via ssh, use a port number between 1024 and 32,767


I usually use this as a guide and just pick one that i feel is not used that often...


https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers


just remember to change your login to use that new port number...


Yes sir, i have changed the passwords, looking on your inputs of these now..
The Forum post is edited by dave Jul 31 '20
Ash
Ash Jul 31 '20

Quote from dave

 Oh ok...


Well thats one of  your problems right there, using arons old plugins, they are very insecure.

Yes his plugins are the biggest junk, i took risk everytime buying and then half of them i had to claim money back on paypall, becasue no options but to use since no same alternative available in store... i pray to god that you guys pls make arons alternate plugins... 


his plugins not even getting deleted after uninstall... its just like leech sucking my blood

The Forum post is edited by dave Jul 31 '20
dave Leader
dave Jul 31 '20

in time i feel someone will make new plugins... 


i did edit your post i replaced the c... word with the word junk :)  (profanity policy) 


Also SD is better at the current backend server processes than i am... he can help you more there... :)

The Forum post is edited by dave Jul 31 '20
Ash
Ash Jul 31 '20

Quote from dave

in time i feel someone will make new plugins... 


i did edit your post i replaced the c... word with the word junk :)  (profanity policy) 


Also SD is better at the current backend server processes than i am... he can help you more there... :)

ok
dave Leader
dave Jul 31 '20
One other thing ash,  it might not have been your site they hacked, they could have hacked the server itself and then attacked individual sites. 
dave Leader
dave Jul 31 '20
Lets give SD and Chris_W some time to reply  :)
Pages: 1 2 »