rickstoker said:
My sites have been hacked into also and I'd appreciate a little more support than "let us know how you come out and what you learn."
That's why I'm at this forum -- to learn!
Okay, let's move on then.
This is the forum where users of DirectAdmin software learn about the DirectAdmin software they've bought and paid for. Others, who either have reseller accounts with hosting companies or have domains hosted with companies, those companies using DirectAdmin, are also welcome.
However we can't help you unless you're a licensed DirectAdmin user with root access to your server, because we don't know what's going on inside your server, and if we ask you questions you can't tell us the answers, because you can't log in as root to find out.
Are you a licensed owner of the DirectAdmin software system?
How did this breach of security happen?
The only way I'm going to know that is to log into your server as root and look around. If you can log into your server as root, then you can use tools such as chkrootkit (http://www.chkrootkit.org/) and/or rootkit-hunter. To use these helpful tools to answer your question you have to be able to log into your server as root, and install and run them as root.
What is Newwebsite going to do to stop future hijackings?
We're not Newwebsite, so we have no way of knowing. Do you mean the website: http://www.newwebsite.com/
If so, their contact page is here.
I tried calling but nobody answered.
If they don't respond to the addresses (snailmail and email) and phone numbers listed there, you can find a non-toll-free number and a fax number in their whois record; you can look up their whois record here.
I haven't yet tried to overlay the hacker page with the real site -- but I presume they changed my password. If so, what do I do? They didn't tell me the new one.
It's doubtful they changed your password, though it's possible. It's more likely they used a script that modified all the websites on the server. If they did change your password, only your hosting company can help you.
I'm going now to try to put up my real site at my main domain but will leave the one at www.auction-sales-writing.com up so you can see it. Wouldn't that help the investigation?
Probably not.
It was NOT a domain level hack -- all my newwebsite sites are hacked, so it was done at web hosting level.
Which is why your webhosting company is who you need to turn to for support, and why I don't think your password was changed. I don't think they even know or care what your username is.
Again, what are you doing?
Me? I'm taking valuable time out of my day to educate you and others about why writing to the control panel company is the last place to go for help when your website is hacked. It's probably a thankless job, but I try.
I'm also listening to the (nice, btw) classical music that either you installed with your site, or they installed with your hack. I hope you're not being charged for the bandwidth; it makes great background music for my office.
Is there something I should be doing that I'm not? I don't give out my password. So what should I be doing?
The most important thing you can do as a client of a webhosting company is choose carefully.
Always try the phone number and email first, before buying, to make sure you get timely responses.
You can make sure you don't use PHP settings that leave you vulnerable; there are many versions of software out there, software in heavy use by lots of website owners, that can be used to hack an entire server. I won't name any of them (though searching these forums may be quite productive) because the list changes daily.
You can make sure you don't use vulnerable software; again that list changes daily.
The most important thing a webhosting company can do is act proactively and have a plan in place so that even if you are hacked you can be back up and running quickly. I'd add that you should host with a company that keeps your software up to date and does your backups for you, except that if I did some would complain I'm advertising my own company.
What specifically should I be learning and all of us be learning to prevent this?
That hosting in a shared environment involves many risks, as any software running on the entire server can be used as an avenue of attack to bring down your site(s).
You might host with a company that sets your site up on multiple servers so if one has problems the others will continue to work (we and others offer that).
If your sites must be up all the time you may need to get a "managed resources" account (we and others offer them) where only you use the resources of your own virtual server, so you only have to worry about your own content, and not content of others, which might bring down the server.
You might also decide on your own server, even if you've only got one domain name.
I've never had it happen at any other web hosts.
I don't know anything about your hosting company, but with so much hacking going on daily, I'd still say that though they might have contributed to the possibility of a hack with loose security, it's pretty much just your rotten luck today.
Jeff