

"Hacked by *HBG*!" ...any advice or experience?





watersoul
I have had a locally based blog for the last couple of years which has been hacked and the index now shows:



I shall take the hackers at their word and have not attempted to log-in to the wordpress admin of the blog which is hosted on my paid hosting, but I was wondering if anyone had any good advice regarding my next steps.

The rest of my hosted sites are fine, including my business site, so I assume it is the Wordpress admin which has been hacked. That said, would it be easiest to just access my cpanel and delete the whole lot, or should there be other things I need to consider?

I don't mind losing the blog, even though I never backed it up (doh!) what's gone is gone, but I'm more concerned with making sure I do nothing to worsen an already unfortunate situation Wink

I've no idea why I was targeted, bot perhaps? I didn't post with the 'admin' account and had a long alpha/numeric password which I'd not used in a long time so maybe it just got cracked?
I've upset a few local political figures on the blog a few times, but my views are generally what I'd expect an anti-establishment hacker type to ignore!

Any experience/advice shared here will be gratefully received.
deanhills
I guess you've already let the owners of the hosting service know what happened to you? I'd ask them to completely delete your cpanel account and create a new one from scratch.

Hopefully you have a backup of your blog? If yes, you can then load it fresh. If no, the tech admin at your hosting service may be able to help you.

First thing I would do once you're up and running again is to get rid of the default Admin user account. Young script kids love to hack their way into admin accounts for sport, and their first target is usually the Admin User Account.

There are some steps in the Website below of how to set up a user account with admin status, and how to delete the default Admin user account:
http://www.bobwp.com/how-to-delete-your-default-admin-user/

It's never a great idea to create your blog posts with an admin account either. Better to use a unique user account with a really good password and one that is changed regularly.
watersoul
I haven't contacted the hosting company yet because it appears to be only the 'admin' account of the wordpress blog associated with a particular domain name. As far as I can tell there is no risk to the rest of my cpanel, but I cannot say 'I know this'.
Deleting the whole account risks re-build time and effort for a few sites including my business domain so I am very reluctant to go down that road.
Any knowledge of 'HBG' as a hacking group? Google isn't throwing much up for me so far.

...and yes, next time I'm up and running I'll delete the 'admin' account! Embarassed
deanhills
watersoul wrote:


...and yes, next time I'm up and running I'll delete the 'admin' account! Embarassed
You'd be surprised how many Geeks are actually using an admin account. I think most geeks learn to change it the hard way, after they have been hacked, not before. Razz

I am familiar with some of the hacking groups - but this one is unfamiliar to me.

I agree, if you have so much on your cPanel, then I'd be reluctant too to start from scratch.

Perhaps a good start would be to make a back-up of everything first and download it to your hard disk.

Then see what you can do with WP. How much work are you willing to put in? As there is the export import feature you could use. You can then delete your WP and start it from scratch and import all of your blog posts. Could even be a great opportunity for editing out the blogposts you don't like.

http://wpapprentice.com/videos/install-and-configure/import-and-export-wordpress-data/
watersoul
deanhills wrote:
Then see what you can do with WP. How much work are you willing to put in? As there is the export import feature you could use. You can then delete your WP and start it from scratch and import all of your blog posts. Could even be a great opportunity for editing out the blogposts you don't like.


Probably hit the nail on the head there, I'm not that interested in putting too much time in to save everything.
Don't get me wrong, I'm gutted about losing many long, detailed, and well researched posts which I was very proud of, but I'm more concerned that some snide code could be hidden away in there somewhere now, and total deletion will be safer.

Definitely learned my lesson though haha, always good to share failures so others heed the example! Laughing
deanhills
watersoul wrote:
but I'm more concerned that some snide code could be hidden away in there somewhere now, and total deletion will be safer.

Definitely learned my lesson though haha, always good to share failures so others heed the example! Laughing
Right. We always think it only happens to others. I'm one of those too.

I'd be worried about code hidden away somewhere too. I think I'd get totally neurotic if it had happened to me.
standready
Now, why did they go and pick on watersoul? Have you contacted your hosting provider yet? Maybe they have a backup for you.
coolclay
Wow that's crazy. As mentioned it was probably some wannabe hacker n00b. Either way scary stuff, guess I should double check security of my site. Sorry for your luck Watersoul!
dxverm
That's a bummer man, hope all works out and don't forget to let your hosting provider know!
Blaster
Well that sucks, best of luck at getting everything back. I always try to save the basics of my business website in case anything ever happens. Mine is also just a static website that never updates or anything like that. I'd suggest doing this at least in the future.
sonam
Most providers have backups of their customers' sites. Contact them for help. BTW they have other tools in WHM or on their servers where they can change the password or back up your blog. Good providers for sure have a lot of experience with the same situations in the past. Cool

Sonam
truespeed
Is your WordPress up to date? If you can log in I would, then just update if you need to, possibly doing a fresh install to make sure you have clean files.
DesquisiadoMoral
Shocked

That's bad news brother, I hope you can restart your webpage soon. I'm getting a bit paranoid because it could happen to anybody Confused .
I have some questions about that:

1) What happened here? Could it be through an admin account?
2) How the hell can they take hold of the webpage? What kind of security do we need to keep our page secure?

Thanks
watersoul
Cheers for the replies so far, it may be a little worse than I thought as I can't get into cPanel for my server space either now.
I had a really strong password for that, well 5 to be honest which I rotate monthly, definitely not made a mistake but login is failing for all of them.
Just emailed the host company so I'll update when I have a better idea of what the damage is.

@Truespeed, I've shied away from logging into wp-admin due to the tiny chance that it could now be 'a trap' Shocked
Can't say I've actually heard of such a specific thing happening to anyone before, but I thought of it so other less than nice people could as well.
Taking the hit and deleting the lot may be something I've just gotta face and learn from the experience.
deanhills
watersoul wrote:

Taking the hit and deleting the lot may be something I've just gotta face and learn from the experience.
Maybe you could keep your business Website on your paid subscription, and shift the WP blog to a free hosting service. Like diversifying the risk? Also consider the possibility that the hacker may have a proprietary interest in your space now. Could be good to completely relocate and rename your blog.
Blaster
Let us know and best of luck with everything.
watersoul
Got access to cPanel again, deleted the WP blog and database, found/remembered a backup from Feb 2013 which I re-installed, now only lost 11 months of posts.
Bit gutted about the lost publications but glad of the lesson...won't make the same mistake again!
Peterssidan
Have you checked if archive.org or Google and other search engines have cached your blog posts? Maybe you can retrieve some of them from there if you are quick.
johans
I saw a Turkey flag and a Pakistan flag.

I just wonder if they are good hackers. Most hackers I encounter are in China and Russia.

I guess you need to check your security and the folders on your site again. What platform are you using?
grofet
Maybe you should check whether the database still exists or not. If the database of the blog still exists, you just have to install the new WordPress blog with the same database. Make sure the WordPress CMS script is the latest one. After the installation you have to change the password. I think it would be better if you choose a WordPress free blog or a Blogger free blog for the best security. If the database does not exist, you can try to find your blog cache in the Google search engine. Type site:yourdomain.com and then press the enter button to see your blog posts that still exist in the Google search engine. I hope it can help you to restore your blog. Thank you very much.
Josso
watersoul wrote:
Got access to cPanel again, deleted the WP blog and database, found/remembered a backup from Feb 2013 which I re-installed, now only lost 11 months of posts.
Bit gutted about the lost publications but glad of the lesson...won't make the same mistake again!


I prefer to have a cronjob backup or something similar to make sure backups are up to date. You may want to contact your hosting and check that your email account has not been compromised. Bunch of new passwords for you methinks
watersoul
Josso wrote:
Bunch of new passwords for you methinks
Haha you definitely hit the nail on the head there, already on it!
I think it is all ok again now, no 'admin' account on newly restored blog, username alias and ridiculously long upper/lower case alpha/numeric password for the wordpress account and pretty much everywhere else that could be linked to the site.

Thanks for the suggestions everyone has offered here, I had a look at Google cache and found most of the last 12 months posts but I'm letting go of it, with the replies/discussions now missing I can't be arsed cutting n pasting. Learned from the experience!
harrer
If you don't care about the blog.
Open your hosting folder
Delete the wordpress folder.
Change hosting password.
Reinstall WordPress.
Don't use admin as username.
Search google for tips on hardening wordpress and use them.


BTW, these hackers usually don't blackmail and stuff. They just do it to show off.
© 2005-2011 Frihost, forums powered by phpBB.