I think my site might have been hacked

Discussion in 'Security and Legal' started by Kraven, Oct 3, 2013.

  1. Kraven

    Kraven Regular Member

    Joined:
    Oct 2, 2013
    Messages:
    10
    Likes Received:
    8
    I recently started a forum and we were just getting it the way we wanted it when it started running really slow, page loads took forever, and it was freezing up. I checked the admin logs from my host account and I got several log in attempts to my admin host account from an Indian IP, and to make matters even weirder I also had several reset password attempts on my personal g-mail account that originated from the same IP from India.

    I'm not sure if he got in or not, but I've changed my passwords on my e-mail and my accounts. What can I do in the future to prevent hacking attempts on my site, and e-mail? I don't think I did anything out of the ordinary to cause this. Any advice would be appreciated.
     
  2. Peace

    Peace Regular Member

    Joined:
    Jul 5, 2013
    Messages:
    100
    Likes Received:
    58
    Hi @Kraven - what forum software are you running? If vBulletin, they just released an update telling everyone to delete their install directories.

    Anyway, ideas on securing your site:

    1) Change your root/WHM, cPanel, FTP, and ALL SQL passwords. None should be the same.

    2) Disable FTP, and only allow access via SSH keys. (Let me know if you'd like help setting this up)

    3) Get an SSL cert for your site, so a middle man can never listen in on your packets.

    4) Change the name of your admin directory

    5) Set up Host Access Control (only allow IPs to access root/WHM and cPanel from your IP)

    6) Do you have a firewall running on your server?

    7) Run a Malware scan, or have your host do it. Maldet is pretty good for Unix.

    Hope this helps!
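
For step 2 in the post above (SSH keys only), a misplaced or commented-out line in `sshd_config` can leave password logins enabled. The following is an added example, not part of the original post: the function names and both sample configs are constructed for illustration, `Include` files are not followed, and only global settings before the first `Match` block are checked.

```bash
#!/bin/sh
# Added example: check that an sshd_config really enforces key-only logins.
# Limits (assumptions): Include files are not followed; only global settings
# (before the first Match block) are evaluated.

# Print the effective global value of a keyword (or "a|b" alias list).
# sshd keeps the FIRST value it sees and treats keywords case-insensitively.
sshd_effective() {  # usage: sshd_effective <file> <keyword[|alias]> <default>
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    /^[ \t]*#/ { next }                      # comment line
    tolower($1) == "match" { exit }          # conditional section starts
    tolower($1) ~ ("^(" want ")$") && NF > 1 { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Print one FAIL line per weak setting; succeed only if there are none.
audit_key_only() {  # usage: audit_key_only <file>
  bad=0
  [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] ||
    { echo "FAIL PasswordAuthentication"; bad=1; }
  [ "$(sshd_effective "$1" 'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)" = no ] ||
    { echo "FAIL KbdInteractiveAuthentication"; bad=1; }
  [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] ||
    { echo "FAIL PubkeyAuthentication"; bad=1; }
  # Default assumed "yes" (older OpenSSH) so root policy must be explicit.
  case "$(sshd_effective "$1" PermitRootLogin yes)" in
    no|prohibit-password|without-password|forced-commands-only) ;;
    *) echo "FAIL PermitRootLogin"; bad=1 ;;
  esac
  [ "$bad" -eq 0 ]
}

write_samples() {  # constructed sample configs, written into directory $1
  cat > "$1/weak" <<'EOF'
#PasswordAuthentication no
PermitRootLogin yes
Match Address 203.0.113.0/24
    PasswordAuthentication no
EOF
  cat > "$1/hardened" <<'EOF'
passwordauthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin without-password
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
for f in weak hardened; do
  echo "== $f"; audit_key_only "$demo/$f" && echo "OK key-only" || true
done
rm -rf "$demo"
```

On a live server, point `audit_key_only` at `/etc/ssh/sshd_config` and confirm a key-based login works in a second session before closing the first.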
     
  3. Big al

    Big al Regular Member

    Joined:
    May 14, 2013
    Messages:
    1,093
    Likes Received:
    415
    Location:
    OZ
    @Kraven, in addition to the good advice from Peace, you may like to ban the IP block on your website.
    A couple of good free AV programs are Malwarebytes and Threatfire. You may also like to download the free version of Sophos to counter any keyloggers. Look for the free Anti-root kit.

    If you can give me the IP from India I will check it out for you.
    Due to the lax cybercrime laws in India currently, some of the local lowlifes and those who support them are taking advantage of the situation.

    I think some of us will start to check out the hackers and scammers operating out of such places as Kerala, and initiate some action against them. Already many of their scam websites have been closed down, I think many more will be closed soon.
     
    Peace likes this.
  4. Kraven

    I'm running VB, thanks a lot for the tips guys. I've just deleted my install directories, changed the name of my admin directories, ran a malware scan, and am in the process of changing all my passwords. Hopefully this will help to secure my site.

    The hacking attempts resolved from proxies from all over the world but a couple of times I got a direct hit with no proxy from Airtel, Bangalore, India. There was nothing from Kerala, India. I checked after reading your post.

    Are there a lot of scammers, hackers, scam sites that originate from Kerala, India? I didn't know that Kerala was a hotbed for scammers and hackers. But I guess they can come from anywhere in the world. Especially a country where the laws aren't as stringent as the laws in the states.

    Al, it's good to hear that you are closing down scam websites and are working tirelessly to continue to close down more sites. I'll PM you the IP addy that wasn't a proxy that I was able to trace directly to Bangalore.
     
    Big al and Peace like this.
  5. Kraven

    Al, I don't have the ability to PM yet, I probably don't have enough posts so I'll send you the IP after I make a couple more posts. I have a lot more to read on this site anyway. This is a great site for helping people administrate their websites, thanks guys for making a site like this. :cool:
     
    Big al and Brandon like this.
  6. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Yup, a few more posts and a few more days registered and you will have full access.
     
    Kraven likes this.
  7. Kraven

    Cool, thanks Brandon, that's kind of what I figured the issue was. :)
     
  8. Mark.B

    Mark.B Regular Member

    Joined:
    Jul 4, 2013
    Messages:
    253
    Likes Received:
    42
    Check your plugins...anything you don't recognise, particularly under the "vBulletin" product?
    Check your admins...any admins you do not recognise? If so, immediately delete them.
     
  9. Kraven

    No plugins I don't recognize. Admins, just the two of us. lol
     
  10. jp17

    jp17 Regular Member

    Joined:
    Oct 4, 2013
    Messages:
    16
    Likes Received:
    1
    I thought my site was hacked too, guy who said it was a liar.
     
