Hacking protection
Yujj, 2015-02-19 14:33:53

Shared timeweb servers hacked (or qh.php)?

For the second time I am facing a situation where a site is hacked on the hosting named in the subject. Moreover, they hack not only mine, but also on accounts neighboring on the server. Moreover, various CMS are used (joomla, wordpress, dle, bitrix and even self-written ones). Sites on bitrix and wordpress were hacked on my accounts. The first suspicions, such as weak passwords, etc., disappeared immediately, and when it turned out that the neighboring sites were also infected, I contacted the hoster through a ticket, but the answer was a standard template: they hacked you, we can't help here, everything is fine with us. But how were all (or almost all) sites on this particular IP hacked at once? Why not the dozens of my other sites on other timeweb servers and other hostings?
That is, all that the hacked sites have in common is the IP and the qh.php file in the root of the site. (I can post the file for review).
What should I do in this situation? How do I get through to competent people in the hosting's tech support who will be able to understand the problem more deeply?

5 answer(s)
Puma Thailand, 2015-02-19
@opium

Look at the date the file was created, go to the server logs and see what happened at that time. If you were infected through a hack, you will find the command showing how it was installed; if not, you won't find it, and then hammer support.

Yujj, 2015-02-19
@Yujj

Date modified: 6 months ago. Forged to match the neighboring files. At the same time, a couple of months ago this file was definitely not here. So your option doesn't work.
People, please do not write about "looking at the logs." Well, they don't exist... they just don't exist: they weren't enabled on the hosting at the time of the hack.
Better pay attention to the fact that not only my site was hacked, but also neighboring ones - on other accounts to which I do not have access.
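
The forged modification date mentioned in this reply can be checked without server logs, because changing a file's mtime still updates its inode-change time (ctime). The following is an added example, not part of the thread; it assumes a Linux host where `st_ctime` is the inode-change time, and the function names are hypothetical.

```python
import os
import sys
import time
from pathlib import Path

DAY = 86400


def find_backdated(root, min_gap_days=30, suffixes=(".php",)):
    """Return (path, mtime, ctime) for files whose inode-change time (ctime)
    is much later than their modification time (mtime), newest ctime first.

    mtime can be set to any value, but the kernel updates ctime on that very
    call, so a file "dated" months ago that appeared last week keeps a recent
    ctime. Unpacking an archive or rsync -t also preserves old mtimes, so
    compare the ctime of each hit with the known deploy time of the site.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or removed mid-scan
            if st.st_ctime - st.st_mtime > min_gap_days * DAY:
                hits.append((path, st.st_mtime, st.st_ctime))
    return sorted(hits, key=lambda h: h[2], reverse=True)


def build_constructed_sample(root):
    """Constructed test data: one normal file and one with a back-dated mtime."""
    root = Path(root)
    (root / "index.php").write_text("<?php // constructed sample\n")
    planted = root / "qh.php"
    planted.write_text("<?php // constructed placeholder, not the real file\n")
    old = time.time() - 180 * DAY
    os.utime(planted, (old, old))  # forge mtime; ctime stays "now"
    return planted


if __name__ == "__main__":
    fmt = lambda t: time.strftime("%Y-%m-%d %H:%M", time.localtime(t))
    for path, mtime, ctime in find_backdated(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}  mtime={fmt(mtime)}  ctime={fmt(ctime)}")
```

Run against the site root, the newest ctime values give an approximate time window for the compromise even when access logs were not enabled.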

Dmitry Skogorev, 2015-02-24
@EnterSandman

cat host.log | grep qh.php and see the first results

f0tx, 2015-06-20
@f0tx

Do not open this thread.

MrGroovy, 2020-12-11
@MrGroovy

> Moreover, they hack not only mine, but also on accounts neighboring on the server

Unfortunately, without more detailed information, it is difficult to say exactly where the hack occurred: on the client or the hosting side. If you believe in the professional competence of hosting owners, it is better to immediately look for a new one. But since there is a possibility that you were directly hacked, it must be checked before transferring the site.

> Sites on bitrix and wordpress were hacked on my accounts.

You may have been hacked through known vulnerabilities in these CMS. There are two types of vulnerabilities: an outdated version of the software itself, and vulnerabilities in plugins or themes. To find such vulnerabilities, you can use special scanners. Try these:
- https://metascan.ru (it can check both WordPress and Bitrix)
- wprecon.com (WordPress checker)
- 1c-bitrix.ru/products/cms/modules/security_scanner/ (1C-Bitrix Security Scanner)
