Websites Hacked
All of my Concrete5 websites hacked:
Hacked By TheCur3. "United, we'll fail. Divided, we'll fall."
As great as that script is, the op needs to figure out the source of the problem. It probably wasn't through the concrete 5 site (including an easy to guess password) and almost certainly wasn't through some "hole" in c5 itself.
It's like complaining that your glove compartment didn't do a good job of securing your car. And then changing the lock on the glove compartment.
The op needs to evaluate other passwords (like FTP), services running on the server, etc. Once these are fixed, a c5 password reset is in order.
Best,
James SHANNON
Sent from my phone
Technically, if he could find the IP of the hacker, he could put it on the IP Blacklist.
Yeah. And to continue my car analogy, that's like having a busted door which won't lock, but parking in a different neighborhood so that whoever broke into it yesterday won't get another opportunity.
True.
DNP: Sometimes I get bogged down in the big picture.
Yes, your site was hacked. But I seriously doubt it was via concrete5. The only thing that would make me question that assumption is if the "hack" was clearly within concrete5. Like on a block or something.
More than likely it was through the filesystem. There are scripts that will change your PHP files directly, without any knowledge of c5 or wordpress or anything else. And there are scripts that will try to figure out how to get in in the first place. Maybe your host has you on an old version of an FTP client or something. Really, there are lots of possibilities. So just blocking the original hacker's IP or changing your domain name won't do much. There are 1000 other "kids" running the same script.
The best thing to do is figure out the source of the hack. Failing that (which can be difficult), make sure your entire server is upgraded to the latest operating system, services, etc. It wouldn't hurt to start from scratch. Once you have some confidence that the initial exploit is gone, then go ahead and reset your c5 password. (Or clean it now to get your site looking reasonable, but reclean it later, too). If you can't figure out how they got in, you can change your passwords and hope for the best. (It's possible they guessed/listened to one of your passwords, too....)
You really should talk to your host about this. They're likely to be the ones upgrading the software anyways....
It's also possible that the username and password were too simple like 'admin' & '12345'. Lately, WordPress and Joomla sites have been under brute-force attacks and apparently a huge chunk of sites still have 'admin' as the username (like a bunch of C5 sites as well).
Was the hack done at the PHP file level or the C5 level? By that I mean did the hacker add stuff to the .php Page Type files in your theme directory or did they edit the content of your site through the C5 front-end?
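One way to answer the file-level versus C5-level question asked above, as an added example that is not part of the original thread: the script lists files under a web root that contain the defacement text and PHP files modified after a given time. The function names, sample file names and timestamps are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Checks what is actually on disk.
#
# triage_webroot ROOT MARKER SINCE
#   ROOT   web root to inspect
#   MARKER text displayed on the defaced page
#   SINCE  time just before the first defacement, touch -t format YYYYMMDDhhmm
# Output, one finding per line:
#   MARKER <file>   file contains the defacement text (file-level change)
#   CHANGED <file>  PHP file modified after SINCE (diff it against a clean copy)
triage_webroot() {
    root=$1
    marker=$2
    since=$3
    ref=$(mktemp) || return 1
    # Reference file whose mtime is SINCE; find -newer compares against it.
    touch -t "$since" "$ref"
    grep -rlF -- "$marker" "$root" 2>/dev/null | sed 's/^/MARKER /'
    find "$root" -type f -name '*.php' -newer "$ref" -print | sed 's/^/CHANGED /'
    rm -f "$ref"
}

# Constructed sample web root (hypothetical file names), built in a temp dir.
demo_webroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/themes/site"
    # Old, untouched file: mtime set before the SINCE value used below.
    echo '<?php // untouched' > "$d/index.php"
    touch -t 201901010000 "$d/index.php"
    # Recently written file carrying the defacement text.
    echo '<?php echo "Hacked By TheCur3"; ?>' > "$d/themes/site/default.php"
    echo "$d"
}

demo=$(demo_webroot)
triage_webroot "$demo" 'Hacked By TheCur3' 202001010000
rm -rf "$demo"
```

An empty MARKER list points toward content edited through the CMS rather than files on disk. Modification times can be reset by whoever changed the files, so an empty CHANGED list is not proof of a clean tree; comparing against a clean copy of the release is the stronger check.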
Thank you for replying. My Concrete5 sites have been hacked 3 times since Friday and today they were vandalized. I am trying to work with the website host Arvixe but am not getting any resolution.
Version?
Do you know which kind of attack you suffered?
Any customized add-on (backdoor or something similar)?
What do you want exactly?
Did they hack the PHP files or did they gain access to your concrete5 admin functions?
You are not alone:
http://www.hack-db.com/hacker/TheCur3/all.html...
You said "all of my Concrete5 websites hacked". If all the websites were on the same server it's probably a good indication that it has nothing to do with C5.
Hope that helps.