I was informed today my site www.owlszone.com had been hacked with the site now being redirected as soon as the forum loads.
I've had to put in a standard index.htm with an announcement we're under maintenance just so it does not load the forum and redirect.
I've removed the index.htm for the time being to allow a MOD to see whats happening
I contacted my host who informed me that:-
They have advised that i delete my site and start again changing passwords.
Easier said than done as there seems to be a number of "new" folders in my root FTP that contain copies of my forum which FTP won't let me delete! (thats a job for the provider to sort out though!)
I have a couple of questions i hope someone might be able to point me in the right direction of.
Firstly,
If I do erase the root in my FTP, is there an easy way to reinstall keeping my existing database? (making the restore a little like an upgrade)
I assume that is sat uninfected so won't need to start totally again
I know I'll need a new clean copy of the source files which i've just downloaded from the member area.
Secondly,
Is there an easy way to get the forum style back from my backup or will it just be easier to install the stlye again from scratch.
Hope someone can help, there seems to be a lot of hacking of sites lately
Mike
I've had to put in a standard index.htm with an announcement we're under maintenance just so it does not load the forum and redirect.
I've removed the index.htm for the time being to allow a MOD to see whats happening
I contacted my host who informed me that:-
A scan of your account has found the malicious or infected files present.
*******************************************************************
/wp.php: {HEX}gzbase64.inject.unclassed.17.UNOFFICIAL FOUND
/admincp/control_examples/up.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/admincp/control_examples/k2/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/up.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/images/icons/configweb/config.root: SiteLock-PHP-CPANEL-b.UNOFFICIAL FOUND
/images/icons/configweb/.htaccess: EIG.Hacktool.HTAccess.Root-1.UNOFFICIAL FOUND
/images/icons/pro/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/PRO/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/webr00t.php: APEXDEF.PHP-Mailer.Alajam.2N.UNOFFICIAL FOUND
/images/icons/sym/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/symlink_3.php: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/proshell.php: EIG.PHP.WebShell.Procoderz-1.UNOFFICIAL FOUND
/images/icons/2.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/api.php: PHP.Hide FOUND
*******************************************************************
/wp.php: {HEX}gzbase64.inject.unclassed.17.UNOFFICIAL FOUND
/admincp/control_examples/up.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/admincp/control_examples/k2/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/up.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/images/icons/configweb/config.root: SiteLock-PHP-CPANEL-b.UNOFFICIAL FOUND
/images/icons/configweb/.htaccess: EIG.Hacktool.HTAccess.Root-1.UNOFFICIAL FOUND
/images/icons/pro/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/PRO/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/webr00t.php: APEXDEF.PHP-Mailer.Alajam.2N.UNOFFICIAL FOUND
/images/icons/sym/.htaccess: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/symlink_3.php: EIG.Hacktool.HTAccess.DirIndex-1.UNOFFICIAL FOUND
/images/icons/proshell.php: EIG.PHP.WebShell.Procoderz-1.UNOFFICIAL FOUND
/images/icons/2.php: {HEX}php.uploader.max.541.UNOFFICIAL FOUND
/api.php: PHP.Hide FOUND
Easier said than done as there seems to be a number of "new" folders in my root FTP that contain copies of my forum which FTP won't let me delete! (thats a job for the provider to sort out though!)
I have a couple of questions i hope someone might be able to point me in the right direction of.
Firstly,
If I do erase the root in my FTP, is there an easy way to reinstall keeping my existing database? (making the restore a little like an upgrade)
I assume that is sat uninfected so won't need to start totally again
I know I'll need a new clean copy of the source files which i've just downloaded from the member area.
Secondly,
Is there an easy way to get the forum style back from my backup or will it just be easier to install the stlye again from scratch.
Hope someone can help, there seems to be a lot of hacking of sites lately
Mike
Comment