Urgent question please help

[kermey]

Hello all,

Im abit stuck as to what is going on!

I went to my site today and its been replaced with some horse show page. I cant get into CPANEL on it or FTP, it says page not displayed.

http://www.deviant-fashion.co.uk

Have i been hacked and if so, what do i do??

The .co.uk domain is an addon domain, its meant to mirror the .com which still works. Any ideas as to whats happening here?

There are no customer info in databases yet as its new but if ive been hacked then any db's in future cant be secure enough to use??

[The_JinJ]

Is this you - Simon Meech? I see same person has .com so I guess it is

It's hosted on cpanel1.uk.othellotech.net
Give your provider a call - could be a dns mix up their end

[kermey]

Im trying to get hold of them. Ive emailed them but they sometimes take a day to get back and im worried about this situation.

There forums are also down.

[The_JinJ]

info@othellotech.net
0871 277 6875
0871 277 6875

Called them and through to the worst sounding voicemail system ever lol! The systems claim to be up and running ok but not sure when status last updated - have you left a voicemail for them to get back to you?

[swhiting]

have you still got problems?

It sounds like DNS settings have been screwed up (it is pointing to the wrong site?)

If it is really essential, email me and if you point it towards my nameservers I shall setup the DNS to point it towards the .com address again.

[kermey]

Thanks for the offer, that would take 24 hours anyway by which time im hoping it will be fixed. Nice of you to offer

[swhiting]

thats the problem with DNS changes

http://195.66.240.211/cgi-bin/whois....-fashion.co.uk if that is you (as The_JinJ said) the domain should be safe and its just a misconfiguration (or hack) of the hosts DNS server.

[BEN]

Yes I have the same problem!!

I have emailed/rang/left messages etc...the forums are down & nothing's is happening!!

Kermey--I have spoke with the site designer of the silver birch horse site & he hosts with DesigneRweb/othello too.

This is really bad service & I am in the process of changing my hosts.....grrrrrrrrrrrrrrrrrrrr

[The_JinJ]

Just as a cheeky post...

If anyone having problems with them are looking for a decent host at a good price then let me know.
Drop me an email and I'll get the details - it's on a top of the range managed server in a comms centre, already hosts some well known sites.....

[BEN]

Also....my main domain is still fine, its just all the other sub-domains that are affected...you can still get your cpanel & ftp from the main domain.

[Adam]

Othellotech took over from DesignR and I have had problems since Jay left.

I too am considering leaving. They only let you call them via an 0871 number at 10p per minute!

[kermey]

For some reason ive stopped recieveing emails notifying me of new replies (?)

Well im happy that its not hackers but how do you secure dbs anyway?? Thats on my list before going live.

Designr has really gone downhill. Still no responce from them. Maybe ill change too.

[swhiting]

secure dbs from hackers? how do you mean?

Obviously you want to have secure usernames and passwords (make passwords alphanumeric). Also, if you can (most shared hosting can't) assign certain database users different rights to the database, ie, "web_user" is read only to the database and is used by all the pages just displaying information and "web_write" is allowed to write to certain tables (ie, the "orders" table) and is used only on pages such as the ordering page. This means hackers can't potentially access the database and write to it using exploits in any of your pages.

You need to make sure server errors (500 internal server errors etc) are turned off and no debug information (what has gone wrong in the script) is shown the users of the website. Hackers often use this as a source of information (Table names, outputting db fields etc) I redirect all errors to a single page "sorry, there has been an error. an email has automatically been dispatched to webmaster@domain.com etc etc".

One further thing is to properly make sure you validate all user input. One attack to search for is SQL Injection. It is a common dynamic website exploit but can be easily avoided. Make sure where a number is expected, a number alone is received etc:

For example:
article.asp?ArticleID=9 - as it should be
The SQL in the page will be: SELECT * FROM Articles WHERE ID='[ArticleID]'

A hacker (or anyone!) could easily change what ArticleID equals and totally change the SQL query to what they want and execute inserts, updates, deletes and authenticate as a user. The way to stop this is to limit the length of the input, the type of the input (only numbers) and to remove suspicious characters/words that could be used for these purposes (-- ; SELECT INSERT UPDATE etc)

As well as checking SQL input make sure HTML is stripped from user input also (not really relevant for an ecommerce site?) that will be displayed on the site. I am surprised that these forums allow any user to put normal HTML in the signatures of users. The HTML could include JavaScript that could trigger some nasty effects (popups, banners etc etc) all from your own site!

Usually implementing all of these will be very effective in website frontend security.

[openmind]

At the risk of sounding like somone profiting from someone else's misfortunes, if any of you guys need hosting feel free to take a look at our plans: www.simplycfhost.co.uk

Adam will back me up here when I say can be trusted

And if he doesn't I'll break his legs!!!

[Adam]

I am limping to the computer now to agree.