A frind's site got HACKED...what can be done now???

And the really sad part is, people like this usually don't even know what they're doing. They just get tools online to do all the work for them...

I hope your friend's webhost has backups. Most hosting companies charge to restore the site though.....

 

Damn, that guy is all over the place.

 

and only 18 years old......

 

It can be fixed.
She needs a web programmer / database guy to undo what was done, then install the latest version of the bulletin board software that most likely has the exploit the hacker used blocked with a security update.



Her web host will give her:
1) FTP login info
2) database login info
3) control panel login info
4) backup files (we keep hourly backups for 96 hours)

And it can all be put back. If the web host has no backups she needs to find a new web host (my company does this).

Good luck!

 

Sending an email to a hacker is a bit silly and pointless. It may feel good to the sender but is lost on the hacker. What may work in real life doesn't always work on the internet.


Best thing to do is restore from a backup. As previously stated, contact the hosting company for assistance.

IF no backup, then go about changing usernames, passwords, etc and start rebuilding the site.

Sorry to be all doom and gloom, but I am just speaking from experience over the years.

 

I doubt he has the skill set to get into that. If she has Go-Daddy as a host, I would think their security would be pretty robust. They might have gotten in on her computer and gotten any FTP information saved off of that.

Did she recently get a virus on her home computer?

 

You can still view some of the pages on the domain....

http://www.kitkatsparrotchat.com/archive/index.php?f-114.html

Just try and see if she can upload the index.php and related pages, to see if they work.

 

Yep it looks like the board is mostly there from what I can tell and he just got the home page as was mentioned, he's probably more of an amateur hacker with scan tools to find vulneribilities and security holes in websites. http://www.kitkatsparrotchat.com/archive/index.php

 

Some hacker... using code he stole from Piczo... yeah what a badass he is. He's not a hacker he's a script kiddie.
-------------

OP from the sounds of it, all he did is write over your index.php.

Here is what you want to do.

1) Figure out how he got in. I know this sounds like goofy advice to give to a layperson... if you could do that you would not be posting here. (granted, but keep reading) It was probably a known exploit of her board software. (if this guy is all over the place, that is the most likely problem, it is doubtful he hacked her machine but have her run malwarebytes just to be sure.)

1A) One way to learn more about him, even if you're a layperson is to google that stupid message he uploads and check out the sites he exploited. If they all ran 'super deluxe chat 1.0' and 'super deluxe chat' is now on 3.0 that pretty much tells you how he's getting in.

2) If the archives and the store are there, then I'd guess with about 90% certainty he simply overwrote your index.php file. (you might see, he might have even renamed it but that is doubtful) If that is the case, the first thing you want to do is download the same version she was running, get the index.php out of the zip file and upload it to the server. (rename his first)

From what has been said on this thread, I'd stick by my guess, you'll have a 90% chance of getting the site back on line basically instantly. This step can do no harm and might pay off big time.

3 IF THIS WORKS... RUN DON'T WALK to upgrade whatever chat software she runs to the latest version. (NOTE... backup everything including your databases first)

-----------

If you need more help or have a question you don't want to ask publicly, feel free to PM me. I've owned a hosting company for like a decade or so.. I'll be more than happy to help you..

I know Rob is talking to your voice, but if he's busy or similar, I'll back you guys up.

 

OP I did step #1 for you. She was(is) running vBulletin v3.7.3. Google tells me there were well documented SQL injection problems known back in 2008. So we pretty much know where to start.

After maybe 10-15 minutes, I'm 97.321% sure a simple index.php file will get you there.

Since that is pay software, I can not download the index.php for you. (I was going to attach it)

You have four choices.

1) Find an old copy she has somewhere. (any aged backup will work, even the original download file)

2) Download it from vBulletin / beg for it on their forum.

3) Get it from another webmaster.

Since Rob has been here 100 years and very tech savvy, I'd bet a donut, he has an archive of 3.7.X around somewhere.

If not google the exact vBulletin footer from her archive page and you will find a few thousand webmasters that will gladly help you out for the tip they can easily be hacked.

The fourth option is to just upgrade vbulletin to the latest stable release but I'd be MUCH more comfortable getting that index back in place first.

-----------
and of course reset all passwords etc

 

A kid from school did just that. He got off free for showing them a thing or two...

 

Why does she need to pay godaddy $150 to update the board?

While I would REALLY like to get that index.php file back you don't need it, you can just upgrade. Also I'm pretty confident you could find a tool to migrate your vBulletin to SMF or similar.

(one google search lead me here) http://www.simplemachines.org/community/index.php?board=134.0

Here's what you do.... go to Odesk and ask for someone to migrate her from vB to SMF or the board of her choice.

30 bucks later your problem is solved. No joke.

 

Odds are 3.7.2 would work... or at least enough to confirm that the database was fine.

If she's not going to pay for a lic upgrade, she's better off migrating to another forum than continuing to run a version with several known exploits.

 

If she's looking to change sw, she should look into http://xenforo.com/community/