Thread: How Did The Server Get Hacked?

  1. #1
    Dugdale Guest

    How Did The Server Get Hacked?

    My site got hacked into last night along with others. I know you are working on the issue, but how did the hack happen? Should we be changing our passwords? Was any information stolen? Was the server that has our credit cards hacked too?

    Please be transparent and tell us what happened.

    Dave

  2. #2
    sniffydog2 Guest

    I agree... we need to know how to prevent this in the future

    Also, how to get files back! Hostek PLEASE let us know what's going on.

  3. #3
    Join Date: May 2009 | Location: Tulsa, OK | Posts: 220

    A customer had an outdated version of Joomla installed. A vulnerability in Joomla was exploited that allowed a script to process that injected information into the index files on the sites. We found the problem and disabled that site.

    Passwords were not compromised, but it's always a good idea to change the password (using a strong password, i.e., upper case, lower case, number(s), characters, etc.) from time to time.

    Credit card data for our accounts are on a totally isolated server, so no worry there. Additionally they are encrypted of course.

    NOTE: If you re-upload your index file, the site will start working right away.

    Update: Sept 28, 2010: I meant to come back and update this forum back in April and forgot. I wanted to mention that we have implemented several new security measures on the cPanel servers that should prevent this from happening in the future.

  4. #4
    rongoral Guest

    Thanks for addressing our concerns, Brian.

    As Brian has recommended, I will be changing all passwords (including database user and email accounts) ASAP and ensure they follow "strong password" format. There is a forum thread about that here.

    The good news about this is that there is not a general failure of security consciousness with the webmasters. However, I would personally ask everyone to review your sites and code and ensure you are as tight and up-to-date as you can be. If you have downloaded and are using third-party scripts (ones that are not offered by Hostek), then be sure you understand what and how they are doing what they are doing so that you can review the security measures in place, or the lack of them. Though I don't use these sorts of scripts, I am reviewing my own code now.

    Peace in Christ -
    Ron
    Last edited by rongoral; April 2nd, 2010 at 01:01 PM.

  5. #5
    Dugdale Guest

    Thanks

    Thanks for letting me know what happened.

    One suggestion: it's great you have your server status page, but can you send us emails letting us know what happened too? Crystaltech does this.

    Dave
