been hacked

Permalink
IT looks as though my site may have been hacked by a hacker. I cannot get into my site even when i change to a new password. What can i do Please help

View Replies: View Best Answer
Gondwana replied on at Permalink Reply
Gondwana
You can provide more information; eg, what do you see when you try to get to your site (ideally with screenshot)? Are there any errors in browser javascript console? Are there any errors in php logs? What is the site URL?
rgp replied on at Permalink Reply 1 Attachment
This is my page i have tried to change the password so many times and it says i have logged in and then i cannot get into it.
The hacker said they have installed a software called rat that would change the password when i entered it. I am not very up with all this but i am trying . I appreciate your help
Gondwana replied on at Permalink Reply
Gondwana
I'm not seeing anything in that image, or on your site, that suggests that it's been hacked.

How has the 'hacker' been communicating with you?

I'm thinking that stardard c5 password-recovery techniques would be worth trying. If you're not confident with mucking around with php code or database tables, you might want to approach a developer to do it; alternatively, a generous soul here may be willing to try it for you.
ob7dev replied on at Permalink Reply
ob7dev
How did the hacker tell you "they have installed a software called rat that would change the password when i entered it." ?

Is there a message the hacker put somewhere on your website?

And who is hosting the site? If there is such malicious software changing your sites password, it can be removed by cleaning up and securing the server running the site.
JohntheFish replied on at Permalink Reply
JohntheFish
Some tips on getting in after failed passwords (though not on expunging a hack)

http://www.concrete5.org/community/forums/installation/not-got-very...
JohntheFish replied on at Permalink Best Answer Reply
JohntheFish
There is a phishing email going the rounds along the lines of a very generic "your site/account has been hacked, pay us / install our software".

I am not saying that is the case here, but a scenario is: a site owner gets the email, gets flustered, gets their password wrong, then starts to believe the phisher, gets more flustered ....

So take a step back, make sure caps lock is not accidentally on, see if you can login or reset your password.

Then start to look for further evidence you have been hacked.
rgp replied on at Permalink Reply
Thanks John, I have been able to get into it and all looks good, i think you were right, thankyou
rgp replied on at Permalink Reply
HI everyone thankyou for the great responses, I am very new at trying all of this, i received an email from my own email saying that they had added this so called :rat: software to my website. My site was not secured and they found a password from it ( i think it was an old one) and they were able to grab all my contacts and info, so i organised through crazy domains, a ssl cert to install and having trouble installing that as well, but i am thinking it was just a spam or someone phishing, i am hoping anyway.
rgp replied on at Permalink Reply
HI everyone thankyou for the great responses, I am very new at trying all of this, i received an email from my own email saying that they had added this so called :rat: software to my website. My site was not secured and they found a password from it ( i think it was an old one) and they were able to grab all my contacts and info, so i organised through crazy domains, a ssl cert to install and having trouble installing that as well, but i am thinking it was just a spam or someone phishing, i am hoping anyway.
TMDesigns replied on at Permalink Reply
TMDesigns
This I think is the spam email, I have received 3 this morning

Hello!

I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Your password from [email protected]***********.co.uk on moment of crack: 8l1buib51qd1i

Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.

Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I've never seen anything like this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...

I will not do this if you pay me a little amount.
I think $846 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: 1PcFYw7PQKUnj6RxqVwZ4TFuwWUPTyECKQ

If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.
Bye.
ob7dev replied on at Permalink Reply
ob7dev
Looks like the scammer has around $5,000 at this bitcoin address already. All acquired within about the last day or so.