Website Choices

… tools, news, products, and choices for webmasters


16 Feb 2008

ALL YOUR WEBSITES ARE BELONG TO US

Hacked_r00t-x

What a surprise it is to plug in your website’s URL, click on go, and find something you never uploaded! Then you go to other websites you have on your server and view the same upload. Then you know you got trouble!!

This was my own observation last weekend. I’ve heard it happen to others, and now I was chosen to experience this reality. I have never discussed with anyone just what happens when you get hacked, but here’s my story.

I had just performed an autoinstall of Joomla! CMS on Friday evening. Got it all up and set with a click on a hyperlink. Smooth, fast, and secure. Secure? Yah, sure was. Not changing my username from admin? NOT SECURE!

Saturday, I go to play around with my new website and view this black background page with a gruesome face of destruction staring me down. “Oh crap!” My first thought was to check my web design website. Sure enough, that horrid face was there, too.

Next step: questions

  1. What can I do to fix everything?
  2. What allowed this to happen?
  3. What can I do to prevent this from happening again?
  4. Who did this and where does he live?

My hosting service through Servage.net makes this easy to fix and repair. I didn’t bother to use FTP, went directly to my files online - no cPanel to mess with. With Servage I access everything from one page. Web server, FTP accounts, E-mail accounts, Domain settings, Your account, FAQ, MySQL databases, and more. No phony icons, all text links with drop-down menus.

Turns out, the only pages that got hacked were the index.html and index.php pages, and my admin login page here at WordPress. So it didn’t take very long to set everything back to my content. There was only one exception: the new Joomla! files. This CMS has numerous files, most with their own index.html or index.php files. With no content of my own on any pages there, the best choice was to delete all these files.

After viewing the source code, I found out that the hacker was likely from Saudi Arabia, and he goes by the name, “BuLlEt HaCkEr.” Lots of coders over there, a great country to grow hackers.

Next task, find out what allowed this to happen. After a couple hours of Google searching, I realized that it was the Joomla! program and the fact that I didn’t IMMEDIATELY change the default username.

To sum it up:

  • Strange experience
  • Great support from Servage (submitted 3 tickets with excellent speedy reply)
  • Totally wasted a good Saturday
  • Minimal losses (none!)

… the Google search term, “r00t-x” will bring up over 4,000 hacked sites. Likely done by just one of many hackers.

stevestuff
