PDA

View Full Version : How Did The Server Get Hacked?



Dugdale
April 2nd, 2010, 09:17 AM
My site got hacked into last night along with others. I know you are working on the issue but how did the hack happen? Should we be changing our passwords? Any information stolen? The server that has our Credit cards was that hacked too?

Please be transparent and tell us what happened.

Dave

sniffydog2
April 2nd, 2010, 09:58 AM
Also, how to get files back! Hostek PLEASE let us know what's going on.

Brian
April 2nd, 2010, 11:51 AM
A customer had an outdated version of joomla installed. A vulnerability in Joomla was exploited that allowed a script to process that injected information into the index files on the sites. We found the problem and disabled that site.

Passwords were not compromised, but it's always a good idea to change the password (using a strong password: ie, upper case, lower case, number(s), characters, etc) from time to time.

Credit card data for our accounts are on a totally isolated server, so no worry there. Additionally they are encrypted of course.

NOTE: If you re-upload your index file, the site will start working right away.

Update: Sept 28, 2010: I meant to come back and update this forum back in April and forgot. I wanted to mention that we have implemented several new security measures on the cPanel servers that should prevent this from happening in the future.

rongoral
April 2nd, 2010, 11:56 AM
Thanks for the addressing our concerns, Brian.

As Brian has recommended, I will be changing all passwords (including database user and email accounts) ASAP and ensure they follow "strong password" format. There is a forum thread about that here (http://forum.hostek.com/showthread.php?212-How-to-create-strong-passwords&p=307#post307).

The good news about this is that there is not a general failure of security consciousness with the webmasters. However, I would personally ask everyone to review your sites and code and ensure you are as tight and up-to-date as you can be. If you have downloaded and are using third-party scripts (ones that are not offered by Hostek), then be sure you understand what and how they are doing what they are doing so that you can review the security measures in place, or the lack of them. Though I don't use these sorts of scripts, I am reviewing my own code now.

Peace in Christ -
Ron

Dugdale
April 4th, 2010, 08:56 PM
Thanks for letting me know what happened.

One suggestion: it's great you have your server status page, but can you send us emails letting us know what happened too? Crystaltech does this.

Dave