deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
Just after a bit of reassurance before I get to work tomorrow and start picking up the phone!
Our work website got hacked early hours of this morning and was replaced with a strange Turkish holding page. I'm no techy and have no understanding of what they did, but the issue got sorted.
The company that we pay to do our hosting got it up and running again so all was fine.
I get home to do some content work and the website is down again, with every URL redirecting to "/cgi-sys/suspendedpage.cgi".
Website in question: http://www.sec-online.co.uk
Where is the issue laying now? Has the site been hacked again or is the hosting company not liking what happened so suspended it?
Any info would be great!
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
I would say the host, webfusion.co.uk, have suspended the account. Get onto your web dev company and get them to chase it up with them unless you have direct dealings with webfusion.
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
So Webfusion would have suspended it because of the dodgey activity earlier today?
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
Hmmm, now have the following message:
code:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
did you change all the password etc. If they didn't it was probably just rehacked and then screwed up again.
You should be able to get the webhost to reset the account, reset all passwords and then restore the website from a known point in time (if they provide backups for your package)
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
All sorted now. All issues layed with host rather than Webfusion who only host the domain.
So who checked at work and works for a US based company?
We use Lead Forensics which tracks fixed IPs and gives company information.
Jacobs Engineering Group Inc
Oak Ridge (TN), United States
www.jacobs.com
865 220 4800
Total Website visits: 1
Date/Time: Oct 30 2013 12:42PM
Duration: Bounced
Webpage: Link - http://c20xe.co.uk/board/viewthread.php?tid=660252 (http://www.sec-online.co.uk/)
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by deano87
All sorted now. All issues layed with host rather than Webfusion who only host the domain.
Hosteurope.de your host then? Did they suspend the account due to the hack?
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
I must admit I thought it was Rackspace.
Site needs redeveloping anyway as it was built badly and still on Joomla 1.5 so having major issues.
|
