TOPIC:

Guys has anyone else noticed that the main page has been hacked?

You don't like our new front page? We thought direct marketing of kebabs was the way to go for a beer website. Oh well, I'm sure Barry can take it down.

Hmm, yeah. I got a mail from TBN first thing this morning as i was blissfully unaware of what had happened last night. They had somehow gotten in and replaced the index page with their own. Easily restored from backup, but worrying that they got in. I'm grateful to them for not doing more damage (and I do like Kebabs)!

Admin account and FTP passwords have all been changed, but I will be trying to find out how they got in, and if they did anything else. I will take the site down later on today to check the database etc.

IS this a sign we've made it to the big time? <!-- s:D --><img src="{SMILIES_PATH}/icon_biggrin.gif" alt="" title="Very Happy" /><!-- s:D -->

No I have had websites hacked before. Nothing more than photographer portfolio sites so afraid it is nothing to do with popularity.

Usually it is from FTP, when someone connects it is clear text so any sniffer can get the password.
Other times there is a key logger hiding on someone's computer who has the rights to access the file structure.

If you have logging enabled on the server, take a look for the IP that accessed it and block it. Or the entire subnet, it was probably in China or somewhere so I doubt we would miss that subnet.

Could also be sql injection but I do not know much about that side of things.

I had the same problem with a number of sites I have hosted with digiweb. The attack originated in the netherlands and apparently the same source IP has been involved in a number of attacks. If you can check the logs the IP concerned is 89.248.162.234. Obviously changing your FTP password regularly would help and not using the defaults is way better <!-- s:-) --><img src="{SMILIES_PATH}/icon_smile.gif" alt="" title="Smile" /><!-- s:-) -->

Cheers,

Mez.

P.S. Review the website content for suspicious data, in particular
unfamiliar IFrames and Javascript.

I suspect it was simple FTP as they overwrote the index file. I'd never use defaults <!-- s:D --><img src="{SMILIES_PATH}/icon_biggrin.gif" alt="" title="Very Happy" /><!-- s:D -->

Will check the logs this evening. Ta.