#1 TcM, 09-13-2007, 01:10 PM
My Website got hacked!

Well, on September 10th my website got hacked. A subfolder contained an index.html saying that this website was hacked by a Turkish '''person'''. Thank God it was just an unused subfolder.

Any ideas on how to increase my website's security?

If this is not the right forum please move it.

#2 c0de, 09-13-2007, 02:56 PM

Hmm, how do I know Turkish people they do not hack web sites if your web site contained any photo, video, or anything that Turkish people don't like, or they hack web sites to tell you what your site has open..
Try using some meta tags about security, use this, I think this will help you a bit!

HTML Code:
<meta name="security" content="medium" />
In place of medium you can use high or low, but can I view your source for a good answer to your question?

#3 Jordan, 09-13-2007, 03:59 PM

Most hackers are "Script Kiddies" from my experience and most of the time they gain access through a script. Do you have any scripts that allow uploading?

#4 TcM, 09-13-2007, 06:40 PM

@c0de: What do you mean? What are those meta tags supposed to do? And sure you can view the source! Just click View --> Source

@Jordan: Yes I have, but the script removes the extension and renames the uploaded file to a random string, but this one was named as index.html, so I don't know how the heck he did it!

BTW, the website hacked is FindItGlobally.com - Business Directory and the subfolder www.finditglobally.com/upfile (this now redirects to FindItGlobally.com - Business Directory), the subfolder where the script uploads the files.

Just to let you know, I changed the cPanel password, and made index.html in every subfolder where there is no index.html and now they redirect to FindItGlobally.com - Business Directory

Last edited by TcM; 09-13-2007 at 06:47 PM.

#5 TkTech, 09-13-2007, 11:00 PM

Can you give any more details on the >>cracker<< (God, I hate when people misuse the word hacker. It's CRACKER, not hacker.)

You'd be surprised what I can dig up with a little info.

#6 TcM, 09-14-2007, 03:55 AM

Well, all I can say is that in his nickname there was something like blalba-IsTaMbUl or something similar (I do not remember the blabla part), the page background was black and it had a big image with the Turkish symbol (the one on their flag) and it was very....uncool (the image). He even had a website the same as his nickname.

I can't remember more, because I deleted the index.html.

BTW, to upload there is a cpanel to manage the website, and to upload you have to add a new entry (as this is a business directory) but there are none added. You cannot upload without adding an entry! When I say entry I mean something like this:

FindItGlobally.com - Business Directory >> Framegrip Ltd - Detailed Information

You have to! So I don't know how the heck he uploaded it. And as I said, the file name is renamed.

And sorry for using Hacker.. although I think he is a Script Kiddie (Pawned) <- Damn that!
__________________
CodeCall Blog | CodeCall Wiki | Shareware | Linux Forum
Chat with other CodeCall members on IRC; connect to irc.codecall.net and join #codecall


Business Directory | Technology Blog | Windows Help

Last edited by TcM; 09-14-2007 at 04:00 AM.

#7 Kaabi, 11-07-2007, 09:28 PM

I don't get why when websites get hacked they can't easily get reuploaded.

#8 TcM, 11-09-2007, 06:36 PM

Well, that's not the answer.. the answer is finding and fixing the security issue! And why should I re-upload all my websites because of some n00b, thinking he can PawN?

#9 kresh7, 12-24-2007, 04:31 PM

So, I didn't see this topic before. Hackers use RFI (remote file include) to put a .php or a .txt; now it works with .jpg and .gif too.
The hackers find a bug in your page and then they put that PHP file or some other file onto your host. Most use c99.php; it's a shell that allows me to do anything I want on your site. I can connect to the site with netcat and do more damage to your site.
When I hacked, I put a phpmailer into the site and spammed until the web closed. Another method is XSS (cross-site scripting); with that way the "hacker" steals your admin cookie and gets access through your site.
And another way that I don't know how to explain is rooting.
If you want to protect your site, use htaccess or meta tags like someone above said.
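
Added example, not part of any post in this thread: a Python audit of an upload folder like the /upfile one described above. It flags files whose names do not match the uploader's renaming scheme and files whose first bytes contain markup or script markers, whatever they are called. The name pattern, the marker list and the sample files are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumed naming scheme: the thread only says uploads are renamed to a random
# string with the extension removed, so this exact pattern is hypothetical.
RANDOM_NAME = re.compile(r"[A-Za-z0-9]{8,64}")

# Byte markers of content a web server or browser may treat as active.
ACTIVE_MARKERS = (b"<?php", b"<?=", b"<html", b"<script", b"<iframe", b"#!/")


def audit_upload_dir(root, name_pattern=RANDOM_NAME, sniff_bytes=4096):
    """Return {relative_path: [reasons]} for files that look out of place."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if not name_pattern.fullmatch(name):
                reasons.append("name does not match uploader scheme")
            with open(path, "rb") as fh:
                head = fh.read(sniff_bytes).lower()
            hits = [m.decode() for m in ACTIVE_MARKERS if m in head]
            if hits:
                reasons.append("active content: " + ", ".join(hits))
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo():
    """Build a constructed upload folder (sample data only) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "k3Jf92LmQx7a": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,  # normal upload
            "index.html": b"<html><body>constructed defacement page</body></html>",
            "Zq81LmPo44Wd": b"GIF89a<?php /* constructed marker only */ ?>",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(rel, "->", "; ".join(why))
```

A file that fails the name check did not arrive through the uploader's normal rename path, so its modification time is the point to start from in the server's access and FTP logs.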

#10 TcM, 12-27-2007, 05:52 PM

I don't know if this cracker used any of those scripts :S I have no idea how he did it!