Site Hacked - Requesting Help

[FriscoCharlie]

Greetings,

My site has been hacked. When I logged on a couple of days ago my users were complaining about advertisements that were between every post on the site. I looked and they appeared to be Google Adsense advertisements.

I also noted that a new member had been promoted to administrator.

So, someone appears to have hacked my site and promoted themselves to administrator and placed these advertisements.

I seek help, or to hire someone to look into this for me. If there is a trusted member here with the knowledge to work on this and fix the issue, I would appreciate hearing from you via conversation.

I have banned this user and turned the site off in the interim.

Thanks very much.

 

[Claudio]

Greetings,

My site has been hacked. When I logged on a couple of days ago my users were complaining about advertisements that were between every post on the site. I looked and they appeared to be Google Adsense advertisements.

I also noted that a new member had been promoted to administrator.

So, someone appears to have hacked my site and promoted themselves to administrator and placed these advertisements.

I seek help, or to hire someone to look into this for me. If there is a trusted member here with the knowledge to work on this and fix the issue, I would appreciate hearing from you via conversation.

I have banned this user and turned the site off in the interim.

Thanks very much.

Please start a conversation with me and we'll completely clean your forum.

 

[Robust]

We can also assist with this to fix the problems as well as identify the cause and patch it. Feel free to start a conversation with me with more information

 

[ManagerJosh]

Happy to help. Please feel free to start a conversation.

 

[FriscoCharlie]

Thanks everyone. I have someone working on this now.

 

[PlayStage]

Hello,

Let me guess, your server is running obsolete software.
As a reminder please make sure your server is running the latest actively developed and supported php version.
On top of running the latest software comes the configuration.
If you are running the latest php software but you haven't setup a secure environment for your scripts to run then here's your hacking reason.

Most hackers don't target a specific website instead they look for vulnerabilities, security holes to exploit, servers not properly configured etc.

If you need a security audit feel free to contact me.

Kind regards,
George.

 

[Codeless]

use Sucuri Cloud Proxy to avoid SQL injection / XXS Attacks / RFI & LFI Attacks / restrict admin panel with 2nd factor or .httaccess

 

[Robust]

use Sucuri Cloud Proxy to avoid SQL injection / XXS Attacks / RFI & LFI Attacks / restrict admin panel with 2nd factor or .httaccess

It could help, but that is definitely unnecessary.

 

[Codeless]

Not unnecessary. its good u was being DDOS attack since last 3 months.
Syn floof
Udp attack
Layer 3
Layer 4
Layer 7
Also lot of attemp to hack my forum.

At server end only port 80 & 443 was opened and port 80 and 443 was protected by strong DDOS protection by cloudflare and hardware firewall. i was paying for protection more then 750$ per months.
Then one of my friend told me to use SUCURI i paid 25$ per month and i even can see what peoples do on my site blocked lots of scrappers and robots. and i am not facing any issue anymore i wil post here my firewall result soon

 

[Codeless]

 

[Robust]

Not unnecessary. its good u was being DDOS attack since last 3 months.
Syn floof
Udp attack
Layer 3
Layer 4
Layer 7
Also lot of attemp to hack my forum.

At server end only port 80 & 443 was opened and port 80 and 443 was protected by strong DDOS protection by cloudflare and hardware firewall. i was paying for protection more then 750$ per months.
Then one of my friend told me to use SUCURI i paid 25$ per month and i even can see what peoples do on my site blocked lots of scrappers and robots. and i am not facing any issue anymore i wil post here my firewall result soon

Correction to what I said: unnecessary in the OP's case, in my opinion.

CloudFlare has pretty good DDoS protection on their more business/enterprise plans (however I would still use back-end protection). I'm guessing you had a bad configuration allowing attackers to resolve your server's direct IP and attack that, as that is the most common mistake using CloudFlare amongst people having huge problems with their service. I personally use CloudFlare as a CDN now though, rather than a DDoS mitigation service.

I have no experience with Sucuri but the blog is pretty good and they know what they're doing from the looks of it. If you have some kind of insecure application or one that is often vulnerable to hacking attempts needing constant security updates (WordPress...) Sucuri may be very useful. Their DDoS mitigation service may also be useful. It's also a way to make up for a poorly configured web server. But a lot of these things you mention you can just do with nginx or Apache, properly setting up the rules to protect various files and directories. A good configuration is invaluable.

In the OP's case, he could have been using outdated software or maybe there was another vulnerability elsewhere on the same server with different software that allowed elevated access. He could help prevent the issue by keeping software up to date, removing outdated or unused scripts, securing certain pages (such as admin.php). Sucuri is quite cheap though, so it's easy to justify the cost, but as I say a lot of forums have found false positives using it and I don't think a lot of sites really *need* it. Especially for smaller forums, every dollar counts, esp. when income is low.