Web site hacked

[Srini]

Hi all,

One of my friend is developed a website and hosted it but while
testing itself he got a mail saying that his website has been hacked.
Hacker is manipulating on this by taking full control. He is also
changing the admin passwords and creating new users etc. yesterday
there was a hacker's photo with some urdu fonts.

Please advice him regarding the major flaws in this website and is
there any online free tools available for security testing ? My friend
is too much worried about it and looking for a solution

Here are the details

http://www.learninglabs.in

Now it is showing as an account suspended.. How to track the traces ?

Thanks
Srini

[Raxit Sheth]

Best and quick way is to first contact hosting provider !
Change all password !
if having clean backup, restore them !

Backup all current logs and contact security expert. Give them the control.

Raxit

> --
> null - Spreading the right Information
> null Mailing list charter: http://null.co.in/section/about/null_list_charter/
>

[abhinav singh]

you will need to start over again by cleaning everthing. Make sure that you scan every corner for presense of any shell upload. It will be prefferable that you use backup to set everything again.

--
Abhinav Singh

Founder - HackingAlert

http://hackingalert.blogspot.com

[Dinesh Shetty]

Hey Srini,

Shared hosting + Changed admin password + added new users huh.. looks
like symlink attack to me :) . Check the access permissions on your
sites configuration files. Hosting on shares webservers can be kinda
risky nyways ;) ... Restore from a offline stored backup file and
clean delete anything that you uploaded in there previously.

Talking about tools to check website security there are n number of
tools there. But before using them, get in touch with your hosting
provider n make sure they dun mind you doing that as it is a shared
server..

Regards,
Dinesh Shetty

[Abhay Rana]

Read this : http://serverfault.com/questions/218005/my-servers-been-hacked-emergency
Abhay Rana
aka Capt. Nemo
http://www.captnemo.in
B.Tech (Production & Industrial Eng.)
IIT Roorkee

[Nanda Kumar]

you can also track ip and parellel trace. next time while launch block
blacklisted ip

[Srini]

Hi All,

Thanks for all your inputs and valuable time. I would really apreciate
your interest and sincere effort


Cheers
Srini

On Oct 1, 11:19 pm, Nanda Kumar <nandakumar...@gmail.com> wrote:
> you can also track ip and parellel trace. next time while launch block
> blacklisted ip
>

> On 10/1/11, Dinesh Shetty <extremema...@gmail.com> wrote:
>
>
>
> > Hey Srini,
>
> > Shared hosting + Changed admin password + added new users huh.. looks
> > like symlink attack to me :) . Check the access permissions on your
> > sites configuration files. Hosting on shares webservers can be kinda
> > risky nyways ;) ... Restore from a offline stored backup file and
> > clean delete anything that you uploaded in there previously.
>
> > Talking about tools to check website security there are n number of
> > tools there. But before using them, get in touch with your hosting
> > provider n make sure they dun mind you doing that as it is a shared
> > server..
>
> > Regards,
> > Dinesh Shetty
>

> > On Fri, Sep 30, 2011 at 6:48 PM, abhinav singh <abhinav...@gmail.com> wrote:
> >> you will need to start over again by cleaning everthing. Make sure that
> >> you
> >> scan every corner for presense of any shell upload. It will be prefferable
> >> that you use backup to set everything again.
>

> >> On Fri, Sep 30, 2011 at 2:58 PM, Raxit Sheth <raxitsheth2...@gmail.com>

> >> wrote:
>
> >>> Best and quick way is to first contact hosting provider !
> >>> Change all password !
> >>> if having clean backup, restore them !
>
> >>> Backup all current logs and contact security expert. Give them the
> >>> control.
>
> >>> Raxit
>

> >http://null.co.in/section/about/null_list_charter/- Hide quoted text -
>
> - Show quoted text -