I was hacked!!!

[theesfield]

My personal website and my online store was hacked. Summer caught it and sent me a note. ..cr.: Why are people so mean? ,f:: I'm all about NO war...and now so is my website ..cr.:

Nilaja

[sumayasaahir]

Oh Hugs! You poor thing, that sucks!

[angelique2]

I feel for you,,,, I had it happen to me, not that long ago.

[laura 2]

Oh no!!!!!!!

[azahara]

Sorry , some people are just big dumb animals who only feel better by bullying on others .

[angelique2]

Is there anyway to get your sites back?
I found out a friend stole my mine. I was able after 2 days got my myspace and email accounts back. Bbut it was a lot of crap trying.......

[theesfield]

I haven't a clue. I have no idea what to do. I contacted my web master. He said he would download the site and look into it, but it might take a while. ::sigh::
Nilaja

[*Shira*]

Do you happen to know whether your web hosting company runs the Microsoft web server, the Apache one, or something else? I've heard that Microsoft ones are easier to hack into than Apache, but I don't know how true that is.

[theesfield]

Webmaster to the rescue! I'm fixed..but he's still trying to figure out how they did it. Apparently they are very sneaky. But I am up and running again. Thanks for the heads up Summer!

Nilaja

[kharis_UK]

My personal website and my online store was hacked. Summer caught it and sent me a note. ..cr.: Why are people so mean? ,f:: I'm all about NO war...and now so is my website ..cr.:

Nilaja

You have a php website. These are notoriously easy to hack.

[sabrinabellydancer]

so sorry to hear that.
i deal with that stuff every day so can totally empathize.
kudos to your webmaster for getting the fix in so quickly. sounds like a real pro.

re servers: microsoft iis v. linux + apache
there are holes and back doors in every system i have every seen. that is the nature of a human made programing. unfortunately they can all be hacked with the right know-how.

make sure your usernames and passwords are as complex and secure as possible and remember to change your passwords often.

and back up , back up, back up!

ok, that is the end of my computer geek lecture - rant.
glad all is well again.

[Surida]

What a horrible ordeal to have to go through!!! I am SO glad that things are okay for you now.

[theesfield]

I am utterly clueless when it comes to thiese kinds of things. I am lucky that I know how to update my store with new product and update my website with new info (although my website is still under construction..that's because I am clueless!) So when you tell me I have a php website...I don't know what that means. And my webmaster tells me to back up my website and download raw templetes...I don't know what he is talking about! I feel like such an idiot! I just can't get a grasp on this thing!
Nilaja

[Asim]

I am utterly clueless when it comes to thiese kinds of things. I am lucky that I know how to update my store with new product and update my website with new info (although my website is still under construction..that's because I am clueless!) So when you tell me I have a php website...I don't know what that means. And my webmaster tells me to back up my website and download raw templetes...I don't know what he is talking about! I feel like such an idiot! I just can't get a grasp on this thing!
Nilaja

OK, here's web site 101. Please note that this is all quite generalized:

Essentially, web servers do nothing but copy files over the 'Net. Apache or Microsoft's IIS are at the core of this process, taking commands from (usually) your browser, and sends files (and other data) back to the browser in response. It copies the HTML file, and then copies each image the HTML file refers to; this is part of the reason image-heavy sites will sometimes appear without the images for awhile on slow connections.
PHP is sort-of an add on, or plugin, to Apache or IIS; it allows a program to generate HTML on the web server, as opposed to storing it in a file. This means the website can be modified by a program in response to some kinds of interactions; for example, almost every page on Bhuz is not a HTML file, but the output from a PHP program (you can tell by looking at the link; the ".php" indicates that the PHP program generated the page you're looking at). This is all done on the server, and the PHP code is written in such a way that the web server knows to send it as HTML that your browser can read like a HTML file.
Because it's code that's running in your web server, and your web server has access to the Operating System (like Windows) it's running, you can attack a PHP page, and get it to run stuff on the actual Operating System. Windows, and IIS, have been historically notorious for allowing such attacks, but have become much better over the last couple of years. This is the mostly likely attack vector; someone saw that you're running PHP, and used a weakness in PHP to get to the web server, and then to the Operating System. It's one of a thousand ways to get in, however, and no reason to remove PHP.

Your web guy should at least be upgrading PHP and Apache to the latest versions, and studying how they got in, so as to avoid future attacks along that vector. You really, honestly, shouldn't have to worry about this, and should not feel bad that you don't know -- LOTS of technical people I know aren't aware of how systems can be cracked. It's a lot like finding out how your car's fuel injection works, and is why you look for a good mechanic. :)

Does this help?


----asim, who pays the dancin' bills by developing database-backed web applications in the Security Dept. of a major financial institution.

[theesfield]

I read your whole explaination. And I tried to understand it to the best of my knowledge. I appreciate you taking the time to educate me. Thank you so much! :off to lay my head down..it's spinning from all that techy talk:
Nilaja

[SamarDahab]

you're welcome nilaja. I just wanted to see the store and was very surprised when that came up. Glad it's working now. I'll take a look again.

[angelique2]

I am happy that you got your web page back!!!

[shaynaz]

So did they steal any info or just put up a bunch of nonsense on your site?

[theesfield]

as far as we know, they just put up a no war message on my site. When we did a search on these hackers, they hack sites by the hundreds and put up their message.

Nilaja

[AngelaDiCaprio]

hugh?..c::

[azizaraks]

That's messed up. ,m:: Sorry to hear that happened to you Nilaja!!

[Lisa Michelle]

Good thing you found it before it had been there for too long! Glad it is fixed for you.

And thanks Asim1 for the great techinical advice!

Lisa