Hacked by Eno7

My site or hosting got hacked, who can help me restore and transfer hosting??
Clubcensus.com [[adult forum]]

Your name servers are using velocityio.com. Did you contact DarkWizard and see if he found out how you were hacked in the server logs? You would first want to find that out, then restore from a backup before the hacker's entry date and then fix the exploit either server wide or on the add-on that they entered through.
 
Delete the index.html that is in existence in your root. And are you using WordPress on that site anywhere? /index.php still serves up your site. The web server is set to serve index.html before it does index.php.

The method of intrusion still needs to be found. Change your passwords to your cPanel to a complex password also.
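
The shadowing described in the post above (an index.html in the web root being served ahead of the forum's index.php) can be checked for across a whole document root. This is an added example, not part of the original post; the DirectoryIndex order, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed DirectoryIndex order (static file first), matching the behaviour
# described in the post; change it to mirror the real server configuration.
DIRECTORY_INDEX = ("index.html", "index.htm", "index.php")

def served_index(dirpath, order=DIRECTORY_INDEX):
    """Return the first index file from `order` present in dirpath, else None."""
    for name in order:
        if os.path.isfile(os.path.join(dirpath, name)):
            return name
    return None

def find_shadowed_indexes(docroot, order=DIRECTORY_INDEX, app_index="index.php"):
    """List dirs where another index file is served ahead of app_index, newest first."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if app_index not in files:
            continue  # nothing for a static index file to shadow here
        winner = served_index(dirpath, order)
        if winner is None or winner == app_index:
            continue
        shadow = os.path.join(dirpath, winner)
        app = os.path.join(dirpath, app_index)
        findings.append({
            "served": shadow, "shadowed": app,
            "mtime": os.path.getmtime(shadow),
            # A static index newer than the application's own is the suspicious case.
            "newer_than_app": os.path.getmtime(shadow) > os.path.getmtime(app),
        })
    return sorted(findings, key=lambda f: f["mtime"], reverse=True)

def build_sample_docroot(root):
    """Constructed sample tree: an app index.php plus a later-added index.html."""
    layout = {"index.php": 1_000_000, "index.html": 2_000_000,
              "library/index.php": 1_000_000, "docs/index.html": 1_000_000}
    for rel, mtime in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in find_shadowed_indexes(build_sample_docroot(tmp)):
            print(f["served"], "is served instead of", f["shadowed"])
```

Run against a real document root, any hit that is newer than the index.php beside it is worth comparing with the last known-good backup before it is deleted.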
 
My site or hosting got hacked, who can help me restore and transfer hosting??
Clubcensus.com [[adult forum]]

I get a 404 error when I load your forum. Regarding the hack, ask your host to check their access logs around the time of the hack and see what happened. I would also recommend to do a thorough checkup of your server space as well for any backdoors and such.
 
I get a 404 error when I load your forum. Regarding the hack, ask your host to check their access logs around the time of the hack and see what happened. I would also recommend to do a thorough checkup of your server space as well for any backdoors and such.

Already done all of this, there were no breaches or backdoors on their server. The only thing that changed was that one index file by an IP that used the password to log in.

We've already restored it and even backed up the site completely just to be safe.

The site is currently back and I've had her change all her passwords.
 
Just an FYI: I just tried accessing the site and also got the lone page with: "This website is temporarily unavailable, please try again later."
 
Just an FYI: I just tried accessing the site and also got the lone page with: "This website is temporarily unavailable, please try again later."

That index page was cached by people's browsers most likely. Refresh a couple of times or clear your cache.

I already see the normal site

 
Just an FYI: I just tried accessing the site and also got the lone page with: "This website is temporarily unavailable, please try again later."

Same, even a hard clearing of cache now shows the message rather than the hacked XenForo node list that it did last night.
 
Well, I have never been to that site so nothing to do with any cache. However, I cleared my browsers (tried it on two different browsers) and still get the same error message.

Also tried it just now using my phone and same result.
 
That index page was cached by people's browsers most likely. Refresh a couple of times or clear your cache.

I already see the normal site

It wouldn't be the browser's cache, most people here would be visiting this site for the first time (including myself) and are presented with the error (I get the error also).
 
Well, I have never been to that site so nothing to do with any cache. However, I cleared my browsers (tried it on two different browsers) and still get the same error message.

Also tried it just now using my phone and same result.

Same, just tried from my iPhone and still get the error page.
 
Just to clarify, what error are you getting?

As already stated by several in the thread..

white page with "This website is temporarily unavailable, please try again later."

Trying just the domain or trying with /index.php results in the same. So it isn't just an issue of an index.html file loading before index.php, as index.php gives the same error.
 
It's resolving now for me instead of the other error.. This is what is being sent
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>

This website is temporarily unavailable, please try again later.


<!-- pageok -->
<!-- 01 -->
<!-- -->
</html>

The IP for that domain (from a ping) is coming back as 50.63.202.12.
 
If the affected machine has been nailed with a rootkit or some other type of malware, changing passwords isn't going to do anything but send the new passwords to those who got in the first time. Machine needs to be declared malware free before new passwords are issued/changed.
 
I found the problem, the DNS is pointing to a completely different place.

The webpage you are seeing isn't located on any of our servers.

DNS dig is bringing back 173.44.37.41 for Market's site. DNS dig for VIO is 173.44.37.53, so it appears your site and hers are still on the same server.

Maybe you have a cache issue, since you're seeing her working site and you're not routing to your server, while the rest of us are seeing the error.

Since the site was hacked on the same server you host your WHMCS on: have you sent out a notice to all your clients regarding a client defacement that occurred on the server that houses your billing system and, even though no signs of further intrusion can be found at this time, we recommend you update your password for your protection?
 