My site is hacked :(
Posted by kriru, 02-11-2012, 05:47 PM |
Hi
My site = guru99.com
It is hosted on hostmonster.com
When I accessed the site today it was showing some weird homepage.
When I checked with hostmonster support they said it's hacked.
I deleted all files from the server and restored them; still, guru99 was pointing to the hacked location
The support executive later said that the site is pointing to the ip = 173.254.101.84
When I asked them root cause of the problem ... they said they do not know
Can anyone help me decipher why this happened so that such future attacks can be prevented?
I feel it's a problem with hostmonster but they are not admitting ...
|
Posted by AverageUser, 02-11-2012, 06:57 PM |
They say it is a DOS attack, but my sites look like they are hacked too : (. It just shows content from another site. They say they redirected shared IP to a dedicated or something, but this is a nice excuse I think.
Btw. You should probably put the hosting company name in the title; I doubt your site was 'hacked' because my sites - which are in plain HTML, no DB or even PHP - also look like 'hacked' but the problem is Hostmonster.com, not our sites.
Last edited by AverageUser; 02-11-2012 at 07:05 PM.
Reason: btw.
|
Posted by Alex LD, 02-11-2012, 07:32 PM |
Hostmonster should be able to point out what happened. If not then you'll want to migrate to a different, more secure web host. There are log files for just about everything and I'm sure HostGator can answer the question, it's just a matter of when?
A DoS attack will not take down a server; a DDoS attack will. The difference is, DoS is usually 1 attacker or zombie, whereas a DDoS is generally a botnet of zombie computers or servers flooding a server's bandwidth, essentially causing it to not allow access to or from the box. And if it were a DDoS, the server would be going slow and laggy... or not be online at all. If you're seeing a different website when going to your site, then it is not a DDoS or a DoS attack.
Also let me be clear
If a server gets compromised then all accounts on the server can be affected. Regardless of whether it's in PHP or HTML, the root user has control over everything.
|
Posted by tvcnet, 02-11-2012, 08:30 PM |
I've run a number of scans, including a 3rd party site unmask parasites and your site is looking OK at the moment.
Did you manage to clear the hack from your site?
|
Posted by kriru, 02-12-2012, 12:07 AM |
I did nothing from my end ...
It was definitely a problem with hostmonster ...
|
Posted by humangenome, 02-12-2012, 05:49 AM |
The difference is not accurate.
A DoS and DDoS attack are one and the same.
You are describing different types of attacks and how they are scaled.
|
Posted by Alex LD, 02-12-2012, 12:08 PM |
DoS = Denial of Service ( 1 computer flooding)
DDoS = Distributed Denial of Service (botnet flooding)
Very different indeed; Google "DoS vs DDoS" and you'll see my description is actually right.
|
Posted by Steven, 02-12-2012, 12:31 PM |
DoS attacks take down servers all the time, if not set up to block them.
|
Posted by Alex LD, 02-12-2012, 12:51 PM |
If the person is a complete noob and would completely go without any firewall... CSF... APF... even a simple IPTables rule blocks DoS attacks like it's not even a problem. That's like saying cars don't run if you don't put gas in the fuel tank.
Plus the OP is using HostMonster, I know they have a firewall set up. So a DoS attack would not have taken it offline.
Last edited by Alex LD; 02-12-2012 at 12:54 PM.
|
Posted by AverageUser, 02-12-2012, 01:18 PM |
Everything seems to come to normal finally.
|
Posted by Steven, 02-12-2012, 03:27 PM |
Just because there is a firewall does not mean it will be blocked.
For example, if you install CSF or APF out of the box, it will not block a DoS attack. There is no rate limiting in place by default.
Same goes for many hardware firewalls. Unless it's specifically set up to block it, it's not going to do anything.
|
Posted by kpmedia, 02-12-2012, 03:39 PM |
What are your suggested settings? CSF, for example.
|
Posted by mdharris, 02-12-2012, 04:02 PM |
Nah, I tend to disagree here. A distributed attack is simply a type of denial of service attack. There are non-distributed attacks which can bring down services - for example, an exploitable software bug which allowed a remote attacker to cause a web server to crash. That would also be a denial of service attack.
|
Posted by Alex LD, 02-12-2012, 04:17 PM |
If you consider an exploitable software bug as a Denial of service on such a broad spectrum, then so basically would be any other type attack to a system. I guess if someone pulled the power cord out of the wall, that too is a Denial of Service.
|
Posted by BiggyMike, 02-12-2012, 04:42 PM |
Regardless of the attack, software firewalls are pointless for DoS/DDoS. The traffic still hits the server. Software firewalls are meant for security.
|
Posted by mdharris, 02-12-2012, 08:49 PM |
If you go into a data center and unplug a server with the intention of... denying service... then yes, that would be a denial of service attack.
Not necessarily. While a local packet filter isn't going to do much if your network interface is getting saturated (or, worse, if your upstream is getting saturated), it can block particular types of denial of service attacks; for example, attacks which rely on your server replying to ICMP packets.
|
Posted by humangenome, 02-14-2012, 01:33 AM |
I think that's kind of his point. The DoS vs DDoS is presently outdated terminology because the similarities and differences between the two can sometimes be indistinguishable.
If I had a say, I'd vote to get rid of the "distributed" part of the definition and leave it at "denial of service" attack.
Whether or not it is distributed among other systems to perform that attack has nothing to do with the fact that it is a denial of service attack.
Well said!
I think people need to realize DoS attacks are simply efforts to disrupt service. There are many exploits, bugs, and vulnerabilities that, when calculated to scale, can do monetary damage and/or service disruption regardless whether any type of firewall is present.
Last edited by humangenome; 02-14-2012 at 01:39 AM.
|
Posted by mdharris, 02-14-2012, 02:38 AM |
Another example:
A resource exhaustion attack caused by attackers from a single IP address triggering a resource-intensive database query by hitting a CGI script many times concurrently. A packet filter on the host can then be used to block that IP address and hence end the denial of service condition at least temporarily.
Traffic hitting "the server" is abstract. The server does not necessarily mean the network interface. For an attack to be successful, the attack may need to (as in the case of the example I posted) reach the web server software which then allows it to execute a script. So there're lots of types of attacks, many of which lead to a denial of service condition, and there are lots of ways to address those attacks. Trying to define things so narrowly isn't useful in a technical context.
|
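The single-address case described in the post above, as an added example that is not part of the original thread: it scans web access-log lines for one IP hitting a CGI path many times inside a short window and renders the packet-filter rule that would block it. The log format (Apache common), the `/cgi-bin/report.cgi` path, the window and threshold values, and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3} \S+'
)

def find_flooders(lines, path_prefix="/cgi-bin/", window_s=10, threshold=5):
    """Return {ip: peak request count} for clients that reach `threshold`
    requests under `path_prefix` within any `window_s`-second window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(path_prefix):
            continue              # unparseable line or not the expensive script
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # never pass raw log text on
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def block_rules(peaks):
    """One iptables DROP rule per flagged address, worst offender first."""
    ranked = sorted(peaks.items(), key=lambda kv: -kv[1])
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip, _ in ranked]

# Constructed sample log: one client hammering the script, one normal visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Feb/2012:02:30:{s:02d} +0000] '
    '"GET /cgi-bin/report.cgi?year=2011 HTTP/1.1" 200 5120'
    for s in range(8)
] + [
    '198.51.100.20 - - [14/Feb/2012:02:30:01 +0000] "GET /cgi-bin/report.cgi?year=2011 HTTP/1.1" 200 5120',
    '198.51.100.20 - - [14/Feb/2012:02:31:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'garbage line',
]

if __name__ == "__main__":
    for rule in block_rules(find_flooders(SAMPLE_LOG)):
        print(rule)
```

The same counts come out very differently when the requests are spread over many source addresses, which is the case where a per-IP rule on the host stops being enough.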
Posted by humangenome, 02-14-2012, 05:15 AM |
I can think of many ways DoS can be successful other than executing a script.. how about packet flooding a domain/IP? That would be considered a DoS even if the site were not taken down (can use lots of bandwidth).
|
Posted by mdharris, 02-14-2012, 11:42 AM |
I don't think you read my whole post.
|
Posted by sam9, 02-14-2012, 06:31 PM |
kriru - glad that your site was back. Did the hoster share what was the reason for the site to be directed to an unauthorized IP?
On the other discussion, IMHO, various kinds of DoS attacks could take down a server - DoS or DDoS or low rate DoS.
|