My Site Got Hacked Today
 

The site where I spent most of my time and doing most of my work, my playground, got hacked today and totally wiped out. One of my other admins said all the pages were blank with the exception of the words Hacking Attempt! up in the top left hand corner.

By the time I got online to check everything was gone - 3 databases deleted and all the files gone from the server, tons of hours and some unique scripts wiped out.

I'm not going to attempt to rebuild or open a new site, sites are getting hacked all too frequently now and I'm not about to pour numerous hours and money into something that could get wiped out again by someone looking for a cheap thrill or whatever it is they gain from taking down a site. This might come as a surprise but it is a hassle I don't need.

I'm going back into hospital next month for a follow-up to surgery I had at the turn of the year, maybe after that (and by which time vBulletin 5 should be appearing) I'll look at the possibility of opening a new site and continuing my hobby but in the meantime I shall bid you farewell.

*This does mean all my mods that say 'Not Supported' will now definitely be unsupported and anyone looking for v3 Arcade support will need to go through the vBAdvanced guys.

Thanks for giving me a home for the past 8 years - it has been a blast.

Really sorry to hear about this.
It is something that gives me sleepless nights.
Best wishes to you.

This is most unfortunate? Dont you have any other backups from which you can restore? Even old offline ones?

In any case I urge you not to get completely demoralised by this and quit. You should try to rebuild/recover your site.

No, not really. It would require too much work and I don't think I've got copies anymore of many of my edits to files or templates.

Just found out too that the Twitter and Facebook accounts for our site were also hacked.

Wow, it almost sounds like you were targeted, that is wasn't just some script kiddies deciding to have some fun hacking a site. I'm sorry to hear this. It's an awful feeling to wake up and have a surprise like this waiting for you! :(

Hey, Gemma
Take Care.
I was just starting to check out your site and was seriously thinking of joining :(
Sometimes the bad hackers just don't realize who they hurt.

I am looking forward to seeing you on vB 5

Cheers, :)

Oh cr*p :(

Reading your OP a couple of times it wasn't the site being hacked but your server,which means that was not secured somehow.

Was this shared hosting or a VPS and what control panel did you use?

I had a VPS messed with a couple of years ago and that was through CPanel.

I was lucky to have full backups and database copies so we were in control again within an hour.
The VPS was then firewalled so that only a couple of IP's could access it.

File and template edits are not as important as they seem. Even basic forum software is quite good. Restore your site with what you have now. More modifications can come later.

How could they get credentials for you facebook and twitter account?

Sorry to hear this Gemma, even it happened to me once. Never give up!!

If you need any help, i am just a pm away ;) [of-course for free]

Also, good luck with your surgery.

Peace.

Gemma, firstly good luck in your surgery and as socialteenz said if you need help just ask, we'll all do what we can to get you back up and secure :)

I got hacked about 3 months ago by Anonymous simply so they could use my server to send millions of emails asking people to rise up against parliment and congress.

By hook or by crook i managed to get in contact with someone who could contact them, i asked them to stop and why they were doing it, they simply said it's unfortunate that there are casualties of war!, i got blacklisted everywhere and felt like you, but i put my head down and got to it, now i still have my playground and still enjoying it :)

Very sorry to hear but this should serve as a waning to anyone else here- You are ONE BAD DAY AWAY from *EVERYTHING* about your forum being wiped off the face of the Earth.

You *NEED* backups... Daily, weekly, monthly, SOMETHING. And even if your web host claims they back up for you that is not enough- You still need a backup on your own system(s) because your web host is also one bad day away from being wiped out.

I understand daily backups (manually) are annoying but if you invest any time in your forums there's no excuses for not at least monthly backups. Make it a routine thing on the 1st of the month.

You can google for some software/packages that will help automate database backups.

Yes, very sorry to hear about this. :(

You have, unfortunately, learned the hard way, ALWAYs have backups of everything (off-site).

@Gemma. I am sorry to hear that you were hacked. As it seems all your sites were affected it does seem like you were targeted.

I know a little of what this is like, as I was hacked twice and my personal information stolen, to be used by low life's and those who support them.

Your loss is more than mine and I am sorry to hear about it.

The hackers and scammers pose a real threat to decent people and many of us are doing our best to stop them, but sadly they sometimes have influence and are believed by others.

I am not a tech but If I can help just ask. AL.

Sorry to hear about this... :(

Let us know if theirs anything you need.

I think we've all dealt with scammers, hackers and hacker attempts. Birdoprey and Paul M have written some sound advice above.

I am however impressed how you were able to survive without backups for 8 years... that is actually quite a feat..

My old site was hacked, I decided to re-do the whole thing but it took tons of hours and months to get it back to where I needed, since then I setup a secondary backup server where if something happened to my main vps that there would be a backup server on a different machine that I can access it, you never know the internet and how evil some people are.

I feel for you mate, one of the worst feelings ever.

Thanks for the replies and offers of help :)

Didn't say I didn't have any backups....just none from the last few months and I'd be missing a hell of a lot of customizations and hacks that are either no longer available or I'd tailored to my own site needs. I've got a bitter taste in my mouth just now that leaves me wanting nothing to do with rebuilding or restoring anything.

I was given some server space by KW802 from my time helping out on v3 Arcade - it doesn't look like it was anything to do with the server though as only my site and files are affected. I agree with others saying it was a personal attack - which itself is interesting and I have an incline as to who may be responsible if that is the case (though I think they are too dumb to hack anything themselves) - I'm also seeing tons of site access entries from hidemyass.com IPs (not sure how relevant that is), I also have the feeling that Living Avatars admin panel may have something to do with it all but can't be sure (yet).

@Gemma. An area for concern is how did they gain access? Is your pc security also compromised

I think it would be a good idea to do some scans for a keylogger.

If you need a good free anti root kit program just send me a pm and I will give you the details.

Did you have the second patch level installed? I know it can be tedious to keep up with patches and updates. Maybe someday vB will have, like WordPress, auto-updates. If you're being targeted, you could try CloudFlare. It's free and takes on the task of handling these kinds of issues.

Also, if you're on cPanel, i'd highly recommend going to a Plesk host, or, since VPS technology is available on every street corner for a song, get a linux VPS, install Plesk (cheap) and let it update itself automatically to keep up with OS level security.

Don't give up. That's exactly what they want you to do. Just give em the finger and keep on trucking.

Gemma,

As Setishock said... "Don't give up" !

Please take care of yourself though and I hope you hear nothing but good news in the follow up!

Remember, they fight poorly and only those who "fight the good fight" live life better ;).

That sucks mate, try asking your host if they have some sort of backup, good luck.

Thanks again for all the replies.

I've found it is pretty hard to stay away from something you have been doing for 8 years....so on a new domain and new server and using some of the tips and advice posted here we have a new site up and running; a new little place to call home :)

Well done. These things happen and shouldn't bog you down. Do try to keep regular backups from now on. :)

by the sounds of it and considering what's been happening lately re: hacked websites the perps had your email address and password and possibly a username to cause unrest with... gleaned via another website holding your data which was hacked (gaming sites with many members are popular targets) they use the data some months later for spamming or just for cash-sale... or you had a key-logger installed on your home machine, if you got an email recently from a mainstream site saying 'sorry we were hacked, change your password' then that's the cause...

It sounds like just malevolence by an individual who may not have known you with those two vitals bits of information, email address and password... you might of heard in the news of some popular websites being attacked, well it's basically criminals going for mass data-collection for use a year later... data is king on the internet, your monitored by authority and hacked by the criminals with borrowed knowledge...

i wish you well in future endeavors.

Kudo's to you Gemma!!

What was the site name?

That's irrelevant.

Woah, chill out, Im sure he was just curious. :cool:

Well, it has been a couple of months since our rebuild and I'm pretty pleased with the outcome.

http://www.arcadejunkies.org/content/

Taken a few weeks longer to get finished because we moved to a new server and I had a few loose ends with my health. But all is good now :D

It won't be everyone's cup of tea but our members seem to like it and that's what counts for us.

Looks great love the skin

@Gemma. I like what you have done with your site it looks good. It scans clean so this is great.

Re the proxy " Hide My ass" It seems there are certain "patches" that can defeat it.

I know of a scam website that recommends it, as THEY can read through it.

Nice work in getting back up and running and with a very nice looking website.:):up:

Well done, looks clean, looks great.

Nice to see you up and running. :)

I just took a lok at your site and wow comes to mind. So clean. So neat.
Good to see you're back.

Thanks for the kind words :)

ah man this is really sad to hear. I enjoyed your site and the time I did post there for awhile. I know you worked hard on it.

I know this is an old thread but it got me to thinking, what would I do if this happened to my site.

Is there a thread or a manual on doing a proper backup "off-site"?

I feel that any decent hosting company should have weekly, if not daily, full backups of the site to restore. I also make an effort to download a full site & db backup each month, and before/after any major site updates.

Takes 3 minutes to save countless hours (days... months... years...) of work.

It would be nice if the hosting company did it, but don't just count on them. You, the admin, should be making sure to take a daily backup. See these links on backups and restoring.

From the manual:
Backing Up The Database via SSH/Telnet or
Backing Up The Database via phpMyAdmin

Restoring The Database via SSH/Telnet or
Restoring The Database via phpMyAdmin

If you don't have shell access, some people have also reported success with these scripts:
MySQLDumper
MySQLHotxcopy
Bigdump

I like MySQLDumper because it's quick to backup and restore. I always make a backup using phpMyAdmin (or whatever the hosting manager software allows) and MySQLDumper since phpMyAdmin does not make "100% backups 100% of the time" try more like "100% backups 99% of the time" :p.

I would find a host who offers backups, some have hourly backups and some daily... some cost you $$$ to add that onto your "hosting package" and others don't charge anything extra.