
What to do if a site is hacked?
Good day to all.
Just recently I ran into such a thing as a site being hacked. The site seems to be nothing special: not very large traffic (2500-3000 hosts), the theme is games. DLE 8.2 engine, IPB forum, everything is integrated. An average site in general. For hackers or competitors, it's hardly anything remarkable.
Three days ago, some wise guy somehow deleted all the admin accounts. The mail-hacking option is ruled out: I would have noticed that a letter arrived, and the session did not break. A Trojan... well, maybe, although Dr.Web is installed. In general, I was not particularly worried about this, and I did not find anything superfluous on the site. I restored everything from backup. Today history repeated itself, the only difference being that some code appeared on the site:
I cleaned everything up and decided to look at which IP was used to log in to the only remaining admin account. It turned out to be 81.222.236.68.
By the way, try following the link 81.222.236.68: there are very strange files there and several logs (my site is in three of them).
Can someone advise what to do? Maybe you can write a thread somewhere, knowing where they broke into the site from?