What to do if hacking site?
Good day to all.
Just recently faced with such a thing as hacking the site. It seems the site is nothing special, it is not very big visitor (2500-3000 hosts), the subject is games. DLE 8.2 engine, IPB forum - everything is integrated. The average site in general. For hackers / competitors hardly anything remarkable.
Three days ago, some wise guy somehow deleted all admin accounts. The option of hacking mail disappears, I would notice that a letter has arrived, and the session has not been broken. Trojan ... well, maybe, although Dr.Web is worth it. In general, I was not particularly soared about this, I did not find anything superfluous on the site. Restored everything from backup. Today, history repeats itself with the only difference that the code appeared on the site:
')
I cleaned everything up, I decided to see from which IP I went to the only admin account I had left. This turned out to be 81.222.236.68
By the way, try to follow the link 81.222.236.68 - there are very strange files, several logs (three of them have my site).
Can someone advise how to be? Maybe you can write somewhere to the thread, knowing where the site was broken from?
Just recently faced with such a thing as hacking the site. It seems the site is nothing special, it is not very big visitor (2500-3000 hosts), the subject is games. DLE 8.2 engine, IPB forum - everything is integrated. The average site in general. For hackers / competitors hardly anything remarkable.
Three days ago, some wise guy somehow deleted all admin accounts. The option of hacking mail disappears, I would notice that a letter has arrived, and the session has not been broken. Trojan ... well, maybe, although Dr.Web is worth it. In general, I was not particularly soared about this, I did not find anything superfluous on the site. Restored everything from backup. Today, history repeats itself with the only difference that the code appeared on the site:
')
I cleaned everything up, I decided to see from which IP I went to the only admin account I had left. This turned out to be 81.222.236.68
By the way, try to follow the link 81.222.236.68 - there are very strange files, several logs (three of them have my site).
Can someone advise how to be? Maybe you can write somewhere to the thread, knowing where the site was broken from?
Source: https://habr.com/ru/post/76359/
All Articles