TechSpot

[Inactive] Website hacked - Help!

By Alex510
Mar 29, 2010
  1. I use vBulletin and my website is http://wrestlingaddiction.com

    It appears to have been hacked. The domain was pointing at a weird IP.. I fixed that though.

    It now works but only with www.? I looked in .htaccess and see the following and this was not there yesterday..

    "Options -MultiViews +FollowSymlinks -Indexes

    #
    # If mod_security is enabled, attempt to disable it.
    # - Note, this will work on the majority of hosts but on
    # MediaTemple, it is known to cause random Internal Server
    # errors. For MediaTemple, please remove the block below
    #
    <IfModule mod_security.c>
    # Turn off mod_security filtering.
    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
    SecFilterScanPOST Off
    </IfModule>

    #
    # MyBB "search engine friendly" URL rewrites
    # - Note, for these to work with MyBB please make sure you have
    # the setting enabled in the Admin CP and you have this file
    # named .htaccess
    #
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^forum-([0-9]+)\.html$ forumdisplay.php?fid=$1 [L,QSA]
    RewriteRule ^forum-([0-9]+)-page-([0-9]+)\.html$ forumdisplay.php?fid=$1&page=$2 [L,QSA]

    RewriteRule ^thread-([0-9]+)\.html$ showthread.php?tid=$1 [L,QSA]
    RewriteRule ^thread-([0-9]+)-page-([0-9]+)\.html$ showthread.php?tid=$1&page=$2 [L,QSA]
    RewriteRule ^thread-([0-9]+)-lastpost\.html$ showthread.php?tid=$1&action=lastpost [L,QSA]
    RewriteRule ^thread-([0-9]+)-nextnewest\.html$ showthread.php?tid=$1&action=nextnewest [L,QSA]
    RewriteRule ^thread-([0-9]+)-nextoldest\.html$ showthread.php?tid=$1&action=nextoldest [L,QSA]
    RewriteRule ^thread-([0-9]+)-newpost\.html$ showthread.php?tid=$1&action=newpost [L,QSA]
    RewriteRule ^thread-([0-9]+)-post-([0-9]+)\.html$ showthread.php?tid=$1&pid=$2 [L,QSA]

    RewriteRule ^post-([0-9]+)\.html$ showthread.php?pid=$1 [L,QSA]

    RewriteRule ^announcement-([0-9]+)\.html$ announcements.php?aid=$1 [L,QSA]

    RewriteRule ^user-([0-9]+)\.html$ member.php?action=profile&uid=$1 [L,QSA]

    RewriteRule ^calendar-([0-9]+)\.html$ calendar.php?calendar=$1 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)\.html$ calendar.php?action=yearview&calendar=$1&year=$2 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ calendar.php?calendar=$1&year=$2&month=$3 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ calendar.php?action=dayview&calendar=$1&year=$2&month=$3&day=$4 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-week-(n?[0-9]+)\.html$ calendar.php?action=weekview&calendar=$1&week=$2 [L,QSA]

    RewriteRule ^event-([0-9]+)\.html$ calendar.php?action=event&eid=$1 [L,QSA]

    <IfModule mod_env.c>
    SetEnv SEO_SUPPORT 1
    </IfModule>
    </IfModule>

    #
    # If Apache is compiled with built in mod_deflade/GZIP support
    # then GZIP Javascript, CSS, HTML and XML so they're sent to
    # the client faster.
    #
    <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE application/x-javascript text/css text/html text/xml
    </IfModule>
    "

    Can someone tell me what that is? And how do I make my site work without www. again? http://wrestlingaddiction.com doesn't work but http://www.wrestlingaddiction.com does..
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I have no clue about un-hacking websites, so unless someone else will step in, your best bet will be to contact your host.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is a second website hacked in the last few days. I agree with Broni, if you have someone hosting the site for you, I think it's their responsibility to monitor the security. I was amazed on the other site that the host didn't have a firewall running.

    We can't do anything for you here- we check home computer system for malware, not web sites.
     
  4. jobeard

    jobeard TS Ambassador Posts: 13,446   +324

    That's an issue for the DNS, not the website itself.

    You can test this for yourself using run->cmd and then enter
    nslookup www.yourdomainName.
    and then
    nslookup yourdomainName.
    (note the trailing PERIOD at the end)

    Some basics on webservers.
    Take any webpage with some grahics. To include them when the page is served to the user
    you add an IMG tag like
    Code:
    <img src="[COLOR="Blue"]URL[/COLOR]" width="x" height="y" ... />
    in place of the URL some tools will generate an absolute url, eg (sampleA)
    Code:
    http://www.yourdomain.com/image/graphicname
    Poor choice!, as a relative url is faster and does not require the use of DNS, eg (sampleB)
    Code:
    /image/graphicname
    If your webpages contain IMG tagss like sampleA, then you're resolving everything via the DNS
    and the WWW becomes very significant.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.