My website was used by a freak hacker as a phishing site! What can I do?

Solution 1:

If the hacker has managed to upload code to run, he has probably compromised the server rather than the app. (This is just an initial hunch - he could have compromised your server because of your app...)

Some basic pointers and things to do:

First off, change your passwords - all of them - control panel, FTP users, etc. Pick strong passwords that will be less vulnerable to dictionary / rainbow attacks (use non-alphanumeric characters, upper and lower case, etc.).

Check that no other users have been set up on the domain - if they have, remove them immediately.

Pull all your code from the site and restore it from a fresh backup that you know is safe. Redeploy from your private source control if possible.

Ask your host to check that all security patches and updates have been deployed to your server.

Finally - time for a code review - need to check for SQL injection, XSS attacks, and XSRF attacks.
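The "check for extra users" and "pull the code and restore from a known-good backup" steps in Solution 1, as an added triage script (example code, not from the original answer): it diffs the current account list against a baseline you made before the incident and lists web-root files changed after the last known-good deployment. The baseline, the account list and the web root below are constructed sample data so it runs anywhere; on a real host you would feed it `/etc/passwd` and your real document root.

```shell
#!/bin/sh
# Added example, not part of the original answer. All inputs are constructed.
set -eu
WORK=$(mktemp -d)

# Constructed baseline: accounts you set up yourself (user:uid:shell).
cat > "$WORK/baseline.txt" <<'EOF'
root:0:/bin/bash
www-data:33:/usr/sbin/nologin
ftpuser:1001:/bin/sh
EOF

# Constructed "current" list; on a real host build it with:
#   awk -F: '{print $1":"$3":"$7}' /etc/passwd
cat > "$WORK/current.txt" <<'EOF'
root:0:/bin/bash
www-data:33:/usr/sbin/nologin
ftpuser:1001:/bin/sh
sysupd:1002:/bin/bash
EOF

# Print accounts present now that are absent from the baseline.
unexpected_accounts() {
    sort "$1" > "$WORK/baseline.sorted"
    sort "$2" > "$WORK/current.sorted"
    comm -13 "$WORK/baseline.sorted" "$WORK/current.sorted"
}

# Constructed web root: one file from the last good deploy, dated in the past,
# plus a newer file that the deployment never contained.
WEBROOT="$WORK/htdocs"
mkdir -p "$WEBROOT/images"
echo '<?php echo "site"; ?>' > "$WEBROOT/index.php"
touch -t 202301010000 "$WEBROOT/index.php"            # last known-good deploy
echo 'constructed: not part of the deployment' > "$WEBROOT/images/login.html"

# List files under the web root modified after the reference deployment file.
files_newer_than() {
    find "$1" -type f -newer "$2" | sort
}

echo "Accounts not in baseline:"
unexpected_accounts "$WORK/baseline.txt" "$WORK/current.txt"
echo "Web-root files newer than the last deploy:"
files_newer_than "$WEBROOT" "$WEBROOT/index.php"
```

Anything the script lists is a candidate for removal, but compare it against your own deployment record before acting, since a legitimate admin or a content update also shows up here.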

Solution 2:

If you use phpBB or Joomla or something like that, you must always have the latest version installed.