being hacked?
Permalink
I have several C5 sites on Bluehost. All of them seem to be getting hacked, including a dummy site I just set up yesterday. home page works fine, but any link takes you to a white page. looking at page source says it's a placeholder dummy file. Hacked by TiGer M@te.
Is this a coding or database thing?
you can see an example at Leinbaugh.com/hacked
Is this a coding or database thing?
you can see an example at Leinbaugh.com/hacked
The page you put the link to looks fine, no blank white. Do you have wordpress sites along with all the sites that are being hacked? This filehttp://leinbaugh.com/hacked/blog/2014/03/still-another-blogpost/... appears to be a wordpress file, and shows what you described.
no Wordpress, think it's pro-blog. like I said, homepage works fine, but any other navigation produces the white screen (looking at source of white page shows it's a dummy file). I'm too much of a noob to know if it's a database hack or coding.
This happened on all my C5 sites, including one installed yesterday with the latest 5.7 version
I've since changed all my passwords including ftp, so hopefully that will help.
This happened on all my C5 sites, including one installed yesterday with the latest 5.7 version
I've since changed all my passwords including ftp, so hopefully that will help.
Hello,
If you Google the string "HackeD By TiGER-M@TE" you will see that it's the mark of a hacker that seems to be getting around. Among others he hacked 700000 sites hosted with inMotion Hosting in 2012, he hacked Google Bangladesh...
It seems what you're looking at is what's is left of a page after it got deleted by your host because it was infected. I have the feeling that if you look on your server you might find a directory or a file "hacked\blog" that was put there to serve as a placeholder for the real page.
How you got hacked could be one of many things:
1- bluehost has unpatched vulnerabilities
2- your extremely outdated version of C5 has vulnerabilities
3- your copy of proBlog still has the vulnerabilities that were made public and patched very recently
If you Google the string "HackeD By TiGER-M@TE" you will see that it's the mark of a hacker that seems to be getting around. Among others he hacked 700000 sites hosted with inMotion Hosting in 2012, he hacked Google Bangladesh...
It seems what you're looking at is what's is left of a page after it got deleted by your host because it was infected. I have the feeling that if you look on your server you might find a directory or a file "hacked\blog" that was put there to serve as a placeholder for the real page.
How you got hacked could be one of many things:
1- bluehost has unpatched vulnerabilities
2- your extremely outdated version of C5 has vulnerabilities
3- your copy of proBlog still has the vulnerabilities that were made public and patched very recently
so far the newest install hasn't shown any signs of being buggy. What made me nervous is the "hacked" message from a clean install yesterday with no additional addons. I'm not seeing anything on the server. And Bluehost was LESS than helpful. "Oh, you're not running Wordpress... sorry we can't help you"
I guess the main thing, out of curiosity is whether the hack involves jacking up the database, or just replacing some index files with corrupted ones. I've changed all passwords for the host and ftp, so hopefully that thwarts any hacking.
I guess the main thing, out of curiosity is whether the hack involves jacking up the database, or just replacing some index files with corrupted ones. I've changed all passwords for the host and ftp, so hopefully that thwarts any hacking.