This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more hereX

Home > Discussion Forum

Discussion Forum

kermey kermey is offline
Connector
Join Date: Sep 2003
Posts: 389
Urgent question please help

Hello all,

Im abit stuck as to what is going on!

I went to my site today and its been replaced with some horse show page. I cant get into CPANEL on it or FTP, it says page not displayed.

http://www.deviant-fashion.co.uk

Have i been hacked and if so, what do i do??

The .co.uk domain is an addon domain, its meant to mirror the .com which still works. Any ideas as to whats happening here?

There are no customer info in databases yet as its new but if ive been hacked then any db's in future cant be secure enough to use??
Reply With Quote
The_JinJ The_JinJ is offline
Connector
Join Date: Mar 2004
Location: Scotland
Posts: 155
Is this you - Simon Meech? I see same person has .com so I guess it is

It's hosted on cpanel1.uk.othellotech.net
Give your provider a call - could be a dns mix up their end
__________________
Neil

Everythingink.co.uk - for all your printing consumables

Tartan Pixels - Buy, sell, edit and move pixels. Pixels YOU control!
Reply With Quote
kermey kermey is offline
Connector
Join Date: Sep 2003
Posts: 389
Im trying to get hold of them. Ive emailed them but they sometimes take a day to get back and im worried about this situation.

There forums are also down.
Reply With Quote
The_JinJ The_JinJ is offline
Connector
Join Date: Mar 2004
Location: Scotland
Posts: 155
info@othellotech.net
0871 277 6875
0871 277 6875

Called them and through to the worst sounding voicemail system ever lol! The systems claim to be up and running ok but not sure when status last updated - have you left a voicemail for them to get back to you?
__________________
Neil

Everythingink.co.uk - for all your printing consumables

Tartan Pixels - Buy, sell, edit and move pixels. Pixels YOU control!
Reply With Quote
swhiting swhiting is offline
Connector
Join Date: Dec 2003
Location: Ol'Suffolk
Posts: 235
have you still got problems?

It sounds like DNS settings have been screwed up (it is pointing to the wrong site?)

If it is really essential, email me and if you point it towards my nameservers I shall setup the DNS to point it towards the .com address again.
__________________
S.Whiting (UK)

I'm not lazy. I just can't be arsed to do pointless things.

- syIT Amazon Tools - Increase your Amazon Associates revenue using webservices without the hassle.
- HotSpotter - UK Wireless Networking Portal
- Jam Shop - Buy quality preserves and marmalades
- Audiologue.com - Online HiFi and Home Cinema Shop

Reply With Quote
kermey kermey is offline
Connector
Join Date: Sep 2003
Posts: 389
Thanks for the offer, that would take 24 hours anyway by which time im hoping it will be fixed. Nice of you to offer
Reply With Quote
swhiting swhiting is offline
Connector
Join Date: Dec 2003
Location: Ol'Suffolk
Posts: 235
thats the problem with DNS changes

http://195.66.240.211/cgi-bin/whois....-fashion.co.uk if that is you (as The_JinJ said) the domain should be safe and its just a misconfiguration (or hack) of the hosts DNS server.
__________________
S.Whiting (UK)

I'm not lazy. I just can't be arsed to do pointless things.

- syIT Amazon Tools - Increase your Amazon Associates revenue using webservices without the hassle.
- HotSpotter - UK Wireless Networking Portal
- Jam Shop - Buy quality preserves and marmalades
- Audiologue.com - Online HiFi and Home Cinema Shop

Reply With Quote
BEN's Avatar BEN BEN is offline
Connector
Join Date: Oct 2003
Location: Lancashire
Posts: 486
Yes I have the same problem!!

I have emailed/rang/left messages etc...the forums are down & nothing's is happening!!

Kermey--I have spoke with the site designer of the silver birch horse site & he hosts with DesigneRweb/othello too.

This is really bad service & I am in the process of changing my hosts.....grrrrrrrrrrrrrrrrrrrr
__________________
>MX24.co.uk - U.K. Motocross & Dirtbike Directory
>MotoGPForum.com - For MotoGP Addicts!
>Dogowner.co.uk - Sniffing out the best Dog insurance deals!


-----
Email/PM me for link exchanges on the above sites
Reply With Quote
The_JinJ The_JinJ is offline
Connector
Join Date: Mar 2004
Location: Scotland
Posts: 155
Just as a cheeky post...

If anyone having problems with them are looking for a decent host at a good price then let me know.
Drop me an email and I'll get the details - it's on a top of the range managed server in a comms centre, already hosts some well known sites.....
__________________
Neil

Everythingink.co.uk - for all your printing consumables

Tartan Pixels - Buy, sell, edit and move pixels. Pixels YOU control!
Reply With Quote
BEN's Avatar BEN BEN is offline
Connector
Join Date: Oct 2003
Location: Lancashire
Posts: 486
Also....my main domain is still fine, its just all the other sub-domains that are affected...you can still get your cpanel & ftp from the main domain.
__________________
>MX24.co.uk - U.K. Motocross & Dirtbike Directory
>MotoGPForum.com - For MotoGP Addicts!
>Dogowner.co.uk - Sniffing out the best Dog insurance deals!


-----
Email/PM me for link exchanges on the above sites
Reply With Quote
Adam Adam is offline
Connector
Join Date: Jun 2002
Location: Leighton Buzzard
Posts: 1,812
Othellotech took over from DesignR and I have had problems since Jay left.

I too am considering leaving. They only let you call them via an 0871 number at 10p per minute!
__________________
Adam Fahn

Vending Solutions from Vendesent.co.uk
Reply With Quote
kermey kermey is offline
Connector
Join Date: Sep 2003
Posts: 389
For some reason ive stopped recieveing emails notifying me of new replies (?)

Well im happy that its not hackers but how do you secure dbs anyway?? Thats on my list before going live.

Designr has really gone downhill. Still no responce from them. Maybe ill change too.
Reply With Quote
swhiting swhiting is offline
Connector
Join Date: Dec 2003
Location: Ol'Suffolk
Posts: 235
secure dbs from hackers? how do you mean?

Obviously you want to have secure usernames and passwords (make passwords alphanumeric). Also, if you can (most shared hosting can't) assign certain database users different rights to the database, ie, "web_user" is read only to the database and is used by all the pages just displaying information and "web_write" is allowed to write to certain tables (ie, the "orders" table) and is used only on pages such as the ordering page. This means hackers can't potentially access the database and write to it using exploits in any of your pages.

You need to make sure server errors (500 internal server errors etc) are turned off and no debug information (what has gone wrong in the script) is shown the users of the website. Hackers often use this as a source of information (Table names, outputting db fields etc) I redirect all errors to a single page "sorry, there has been an error. an email has automatically been dispatched to webmaster@domain.com etc etc".

One further thing is to properly make sure you validate all user input. One attack to search for is SQL Injection. It is a common dynamic website exploit but can be easily avoided. Make sure where a number is expected, a number alone is received etc:

For example:
article.asp?ArticleID=9 - as it should be
The SQL in the page will be: SELECT * FROM Articles WHERE ID='[ArticleID]'

A hacker (or anyone!) could easily change what ArticleID equals and totally change the SQL query to what they want and execute inserts, updates, deletes and authenticate as a user. The way to stop this is to limit the length of the input, the type of the input (only numbers) and to remove suspicious characters/words that could be used for these purposes (-- ; SELECT INSERT UPDATE etc)

As well as checking SQL input make sure HTML is stripped from user input also (not really relevant for an ecommerce site?) that will be displayed on the site. I am surprised that these forums allow any user to put normal HTML in the signatures of users. The HTML could include JavaScript that could trigger some nasty effects (popups, banners etc etc) all from your own site!

Usually implementing all of these will be very effective in website frontend security.
__________________
S.Whiting (UK)

I'm not lazy. I just can't be arsed to do pointless things.

- syIT Amazon Tools - Increase your Amazon Associates revenue using webservices without the hassle.
- HotSpotter - UK Wireless Networking Portal
- Jam Shop - Buy quality preserves and marmalades
- Audiologue.com - Online HiFi and Home Cinema Shop

Reply With Quote
openmind's Avatar openmind openmind is offline
Connector
Join Date: May 2004
Location: In front of my computer
Posts: 3,480
At the risk of sounding like somone profiting from someone else's misfortunes, if any of you guys need hosting feel free to take a look at our plans: www.simplycfhost.co.uk

Adam will back me up here when I say can be trusted

And if he doesn't I'll break his legs!!!
Reply With Quote
Adam Adam is offline
Connector
Join Date: Jun 2002
Location: Leighton Buzzard
Posts: 1,812
I am limping to the computer now to agree.
__________________
Adam Fahn

Vending Solutions from Vendesent.co.uk
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT +1. The time now is 12:07 PM.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd. Copyright Shell LiveWIRE 2005-2009