Friday, April 13, 2007

I said Part III would be the last but... We had a minor victory! So here is Part IV

Ahhhh (sigh of relief)


It feels good to have those pages back!

And... (which makes the minor victory so much sweeter) I was right!

As I alluded to in the first post, the hackers probably did not do any extensive damage to the site. It was beyond simple to fix once I figured out what they did.

This is how I figured it out:

If you read Part III you might remember that I googled and found other victims who had been hacked by the same guys. And I sent a few of them an email (which I quoted in that post).
Well, as luck would have it, one of them had the answer to my problem:

"My phpzabi site was hacked but the damage was
minimal. They only managed to place a re-direct code at the bottom, where
the copyright information usually goes. I was able to hit the "stop" key
while the page was loading, entered the admin area and went to configuration,
and removed their code. Pretty simple"





I knew it! It was just as I expected. I saw that the page was redirecting to their site (and the "hacked by ..." message) after a few seconds.
So I knew that they must have placed a meta tag (html nerd language, just ignore) on my page, but I didn't know where and I didn't know if that was the only damage.

Well, after I received this email I knew exactly where to look. And this is what I found:

HACKED BY [name omitted]
HACKED BY [name omitted]
HACKED BY [name omitted]
HACKED BY [name omitted]

<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.[URL omitted]/Deface/ccn/dfcd4.html">


The last part of that, with the "refresh" part, is html that redirects to their message. So I just had to clip all of that out.
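A way to check saved copies of a site's pages for this kind of injected redirect, as an added example that is not part of the original post: it lists every meta refresh tag that points at a host other than the site's own. The function names and the hostnames `example.org` and `defacer.example` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# content="<delay>; url=<target>" (delay, "url=" and quotes are all optional)
REFRESH = re.compile(
    r"""^\s*(\d+(?:\.\d+)?)?\s*[;,]?\s*(?:url\s*=\s*)?['"]?(.*?)['"]?\s*$""",
    re.I | re.S)

class MetaRefreshFinder(HTMLParser):
    """Collect (delay, url) for every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser lowercases names
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH.match(a.get("content", ""))
        if m and m.group(2):  # no URL means a plain reload, not a redirect
            self.found.append((float(m.group(1) or 0), m.group(2)))

def off_site_refreshes(html, own_host):
    """Return refresh targets whose host is not own_host or a subdomain."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    own = own_host.lower()
    hits = []
    for delay, url in finder.found:
        host = (urlparse(url).hostname or "").lower()  # relative URL: ""
        if host and host != own and not host.endswith("." + own):
            hits.append((delay, url))
    return hits

# Constructed sample page: one legitimate same-site refresh and one
# injected footer in the shape shown above.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="300; url=http://www.example.org/news.html">
</head><body><p>Welcome</p>
<div id="footer">HACKED BY [name omitted]
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.defacer.example/deface.html">
</div></body></html>"""

if __name__ == "__main__":
    for delay, url in off_site_refreshes(SAMPLE, "example.org"):
        print(f"off-site refresh after {delay:g}s -> {url}")
```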

Helping Other Victims:

So now that I've fixed those pages I plan to email other victims (some I've already contacted) that I found through Google and tell them about how they can fix their sites.
In hindsight it looks like we were pretty fortunate. It looks like some of the other sites suffered more damage.

Now to wait and see if GoDaddy takes action against the hackers' website...

-Tori
