Through all my troubles of getting to the cpanel of my account and accessing my site come to find out its been hacked, this is what it said on the index.php page of my forum..



i've deleted everything i had in the public_html...these bastards i hate hackers.. now i have to change all my passwords

The trap takes security quite seriously and you need to be just as concerned about it.

Do you have any details about this event that the Server Admins need to know about? Was there a breach through the server defenses? Or was it a couple of buddies that guessed your password?

What makes you think it was a "hacker" and not a friend who knew the password?

I would wonder why someone would go hacking into another person's site? Just for the fun of it? You just wake up one morning and instead of thinking to do one good thiing for that day, all you could think of was to go destroy something someone else has taken his time, ideas, knowledge and zeal to build.

That aint good at all and people should stop it.

Im sure it was a hacker because nobody i know personally would do this and its near impossibly to even try to guess my password.. Once i got to my home page i was "shocked" because i never thought i would get hacked plus i've worked hard on it, but Oh well

Was your site made with PHPNuke or another system like that? If so, you dont have to change your passwords but you do need to follow when new releases of those system are released and you need to be sure to upgrade. Also you need to add plugins that help protect against sql injections and so forth since they are a very common way to hack a site. Just google the system you are using (whether it is a forum or whole site system) and hacking to get ways to protect your site.

This is why I always keep a copy of all of my websites locally on my harddrive
This sounds like these two just decided to have some fun and see what kind of havoc they could cause. I agree sometimes website hacking and sql injection can be fun but I never do it on a real person's website. It's more fun to use simulations like hackthissite.org. Whoever did this is pathetic that they have nothing better to do than wreck what others have worked on. Good luck rebuilding your site

If you installed custom scripts or used any free scripts to run your site, i.e. Joomla or PHPNuke, you must update with the latest patch otherwise security holes can leave potential juveniles to mess with your hard work.

That's hardly any hacking really--just them knowing you installed outdated scripts on your site.

Please know the current security issues with any scripts you install, and double check your customized script. We're here to test it out for you in the friendly environment

If it's files that were messed with just permission them to 444. You yourself won't be able to overwrite them unless you manually change them but your site is safe from script kiddies. I've had a site hacked once - a person added adds and redirects on the site to various advertisements in key PHP scripts. I just overwrote them with the originals and permissioned them to 444 and everything worked out great. Apparently they couldn't figure out how to use Unix. The hacking stopped after that after two days of that in a row of that issue happening. A changed password also helps a lot. The more it looks like you rolled your head on the keyboard, the more secure it is. I wouldn't be too concerned about changing the password in Joomla as the password to your FTP. That's where it looks like they did the damage. I stupidly had my index.php of my forum script set to 777 and they just replaced the thing with text. Usually it's nothing extremely harmful like lost data from my experience - just guys that like to replace things in scripts so they are noticed. The MySQL database isn't even touched. You can easily fix those problems by overwriting the scripts.

Well, other then what i can see, it looks like its your fault not trap17. As trap17 is most likely (from what i've heard/seen) hosted on Opaque's and maybe buffalo's computer. Only way you could be hacked is if BF or Opaque would do it, or somebody does something to their computer. However, I doubt neither of th ose happened, as buffalo and opaque are both trustworthy, and would have no need for it. Therefore it lies into your password or failing to have good scripts/sql injection protection.

As said before, make all the files you NEED 777, and all th eones you don't really need permissions set to 444. That way its harder to have sql injections, and then you'll just need a better password. If you are using a forum system like a newer one, get a better one until the other one gets more updated. By newer i mean those that have just started.