Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 09, 2012, 10:54:26 AM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Website hacked  (Read 1788 times)
atwl77
Space Explorer
***
Offline Offline

Posts: 7


WWW
« on: November 13, 2009, 12:18:26 AM »
I just got notification from Lunarpages that my password has been compromised, they've generated a new one for me and helped me clean up some files.

However, going into to check, there's a huge stinkin pile of mess to clean up -- tons of additional files, html files linking to porn, and even more inside my subfolders.

I'm not even sure how this happened -- most likely a dictionary attack or some exploit via php? -- because I've not even logged in to Lunarpages or CPanel for...... quite a long while. At least a month, IMHO -- so they couldn't have gotten any password from my PCs.

But anyway, clean-up time... actually I've thought about cleaning up my website for quite a while now, so maybe this is a good push to get me started. But what do I clean up?

Can I just erase everything in public_html and start over? Or are there files that I have to NOT touch?

Or could the hack/exploit have also put extra junk outside the public_html folder? In which case how do I check everything properly?

Alternatively, could I just ask Lunarpages to just wipe everything for me and let me start off on a completely clean slate?



Thanks in advance!
Logged
katrina1
Guest
« Reply #1 on: November 13, 2009, 01:22:59 AM »
Unfortunately we are unable to offer account resets.  Please login to your cpanel and delete the files you no longer require, or do this via FTP making sure not to delete any folders that were there when the account was created.

You are best to only delete folders and files inside the public_html folder but please make sure not to delete the cgi-bin folder inside the public_html folder. Before doing the deletions, if you have done any Fantastico installs, uninstall the apps using the Fantastico menu so as to ensure that your Fantastico information regarding mySQL database usage is kept up to date.

Please leave the following folders intact - do not delete them :

etc folder : This is not to upload to, this folder is for the system.

mail folder : This folder is for the system in regards to the email accounts for your site. You should not make any changes to this folder.

public_ftp : This folder is for accounts that setup anonymous FTP

public_html : This is the folder you will upload your files to.

cgi-bin: This folder is for CGI scripts.

tmp : This is a folder for the sytem.

www : is a copy of the files in the public_html folder. You do not want to delete files in this folder. It will delete them from public_html folder.
Logged
atwl77
Space Explorer
***
Offline Offline

Posts: 7


WWW
« Reply #2 on: November 13, 2009, 02:08:26 AM »
Oops... I was in the middle of a long deletion process when I noticed your reply. I quickly cancelled and checked to make sure I didn't delete anything mentioned above..... but it looks like I deleted the cgi-bin folder in public_html.  Sad

On the bright side, I think that's the only thing that I messed up.

Is there any way to restore it? Help
Logged
atwl77
Space Explorer
***
Offline Offline

Posts: 7


WWW
« Reply #3 on: November 13, 2009, 02:21:47 AM »
While fiddling around in the file manager, I notice the cgi-bin folder has been restored.

Thanks to whoever did the restoration.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: