Dear GHoST 61…
Thank you GHoST61 for hacking the index.html of all of my websites. I’m actually not mad at you for this. Quite the opposite really. You’ve done a very simple hack that was, for the most part, non-destructive. In fact, you’ve taught me 2 very valuable lessons. The first is that I should always backup the content of my server to my harddrive. Fortunately, of all the sites I have, only 2 needed to have the homepage reloaded. The second lesson is that I need to more tightly secure my server. If it was that easy for you to hack in, who knows what else could have been done by someone with more malicious intent than your own.
So, you’ve been hit by GHoST61, what do you do now? All that’s happened is that your index.html file has been changed. If you didn’t have an index.html file but rather an index.htm, index.php, etc, then all you have to do is delete the 24byte index.html file and your other index file will take back over and you’re fine. If you did have an index.html file and he overwrote yours, then you will have to re-upload (hope you keep a backup on your computer) your index.html to your server.
The next thing you have to do is secure your server. Below are some sites where people have mentioned how they fixed their stuff:
http://www.kisaso.com/technology/hacked-by-ghost61-my-blog-got-hacked/
http://www.webhostingtalk.com/showthread.php?t=948590&page=2
http://codex.wordpress.org/Hardening_WordPress
I wanted to let your readers know that the hackers behind defacement attacks often leave behind more than just defaced pages. They often leave behind back doors to your website, also known as shell scripts.
These back doors allow the hacker to come back later and load phishing, viruses or other malicious code into your account.
If you experience a defacement attack contact your web host and see if they can run a cleaning script. Make sure your PC is clear of viruses and change your account passwords. Its also a good idea to keep “clean” back up copies of your site and keep your WordPress and its plugins up to date as possible.
Thanks Tom! That’s great advice!