My website was hacked

[Glen]

Hey Everyone,

My website was hacked yesterday by someone who managed to get my FTP password. The hack was basically harmless as they put some links in hidden DIV tags, so it didn't deface the site. The host provider was able to get the IP address of the person who logged into my account (somewhere near Santiago, Chile), and I'd like to report it. Does anyone know of a site the helps to identify the ISP so I can report this attack?

Thanks in advance for any help you can provide. :rolleyes:

[Ferret]

If you know this much already, then surely you could find out their ISP ?

Why do you need to ask us ?

[~impuLsive]

Glen,

The issue should be left up to the host and not you. Let him deal with it. Search on Google for IP Whois Lookup (Most of them provide the ISP the IP belongs to) but the ISP is not really going to do anything. Just make sure you have a strong password this time. Good luck.

[Nicholas-c Veteran]

i have had a few issues with hackers and what not, i used http://www.ip-adress.com/ip_tracer

However. Its pointless. You can report them if you really like but its pointless as nothing will happen.

[Cupcakes]

Is your password really easy to guess and/or use a dictionary attack on? I'd increase the character length as well as adding in extra characters (!@#$%) to it.

Also run malwarebytes to ensure that you didn't have a trojan that ran through your FTP program looking for FTP info. I had this with a client of mine where his cracked FTP program allowed outside access.. Which is actually almost always adding in encrypted javascript to the footer. Very rarely do I see any actual hacking; Just FTP hijacking and redirects/hidden spam links tossed into the footer.

Glad it wasn't anything major though. Definitely run through to make sure nothing was leftover that your host might have missed :)

[Glen]

Is your password really easy to guess and/or use a dictionary attack on? I'd increase the character length as well as adding in extra characters (!@#$%) to it.

Also run malwarebytes to ensure that you didn't have a trojan that ran through your FTP program looking for FTP info. I had this with a client of mine where his cracked FTP program allowed outside access.. Which is actually almost always adding in encrypted javascript to the footer. Very rarely do I see any actual hacking; Just FTP hijacking and redirects/hidden spam links tossed into the footer.

Glad it wasn't anything major though. Definitely run through to make sure nothing was leftover that your host might have missed :)

Yes, I use a good number of numbers and symbols in my passwords so it was pretty secure. I've run malware scanners and everything comes up clean, so I'm good there. The IP from the logs was definitely not mine as I did a trace and it's somewhere in Chile (while I'm in Florida). In any case, I've changed my password and re-published the site so it's back to normal.

I guess it could have been a lot worse than it was. :rolleyes: