Full Version: My site got hacked
Chaos
Hello,
I was building a site based on a little modified Nucleus CMS script. I was just adding the finishing touches, getting ready to launch in a few days, until I opened it today to see it hacked. It had many files added in many directories, as well as a bunch of stupid links (to search sites, etc). I was sooooo frustrated (this took me back a good week of my work, since because of my stupidity I didn't make any backups to dl, I figured if no one visits my site yet, why?)

How do those things happen?
I was kind of suspecting the XML-RPC lib of Nucleus CMS was exploited, but not sure. Any ideas how to keep my site safe? Because I won't be changing to another script.
It might have been a keylogger on my PC, but I kind of doubt that.
Could it be my hosting's fault?

I don't know what to think... This is so annoying. How to make sure it won't happen again? OK just don't offer to use antivirus and firewall, tell me how to protect the website, because I know nothing about this.
For now I've deleted everything from the public_html directory (I copied the content and everything else that I could, but the script was damaged and I couldn't make a backup using the Nucleus feature), can there be some "backdoors" left in other directories? For example are those .bash* files supposed to be there?
attagirl
I am sorry that this happened to you. I have too experienced things from getting scripts as well. This is why I only write my own at this time. I do not believe that people who offer scripts actually would do this but they do.
d4rkpri35t
only hosting to go with is a secure linux based server, while looking at hosting, google some reviews for them also
sandrodz
it could have been host... was a free one? if yes, most probably it was the case... and yeah, always go with trusted hosts - don't think that cheap ones are any good
Chaos
ThunderHost.biz not a free one
sandrodz
well, you get what you pay for... 3$ p/m for 1gb is insane low price... anyways, it might not be host but your script - it's impossible to say that either of those is 100% responsible
sandrodz
check this article to get an idea on choosing a host

http://teahost.com/forums/index.php?showtopic=25
Chaos
QUOTE(sandrodz @ Jan 13 2006, 08:12 PM)
well, you get what you pay for... 3$ p/m for 1gb is insane low price... anyways, it might not be host but your script - it's impossible to say that either of those is 100% responsible

I thought it was, but I contacted admin and he said:

QUOTE
Nope...very reliable so far. I assume with my prices that ALL of customers will
use their bandwidth (though this hasn't come close to happening yet). I have
several separate servers and move sites around as needed, so one huge site
doesn't hog all the resources.


I'm unable to determine what caused this, so I'll just reinstall Nucleus, re-do the site and hope it stays safe this time.
Rasmus
Have you contacted Nucleus support about this? Maybe the script or the modification part had some kind of security hole or smth...
Chaos
I'll ask in their forums.
Thanks for your replies. However I don't think I'll be changing my hosting provider as I already bought whole year package.
sandrodz
never buy yearly plans... cause that's a big scam - read my article carefully for details...
phimchothue
site was hacked not really because of host, there are many bugs and exploits that can make your site hacked.
If you run a CMS site, put a .htaccess file in the admin area to prevent hackers from getting into it; they have to guess two passwords to get into the admin area. You can also allow some range of IPs to access your admin folder, it would help.
Chaos
QUOTE(phimchothue @ Jan 14 2006, 10:32 PM)
site was hacked not really because of host, there are many bugs and exploits that can make your site hacked.
If you run a CMS site, put a .htaccess file in the admin area to prevent hackers from getting into it; they have to guess two passwords to get into the admin area. You can also allow some range of IPs to access your admin folder, it would help.

Thanks a lot for the tip. What should be inside .htaccess file?
I doubt however that there is a feature to restrict admin access by IP in NucleusCMS, but I'll look... It's a small CMS, mainly meant for blogs, but it fits my needs pretty well.
sandrodz
you can restrict access, via htaccess, just by going to cpanel of your host and configuring it...

if you want to do it manually, read this: http://www.javascriptkit.com/howto/htaccess.shtml
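
An added example, not part of the original thread, of what the .htaccess discussed above could contain for an admin folder: a second password in front of the CMS login plus an IP allow-list. It assumes Apache 2.4 with AuthConfig overrides enabled; the paths, user names and address range are placeholders.

```apache
# .htaccess placed inside the CMS admin folder (constructed example).
# Assumes Apache 2.4 and that the host allows AuthConfig overrides.

# 1) First password: HTTP Basic auth in front of the CMS's own login.
#    Create the password file outside public_html so it cannot be fetched:
#      htpasswd -c /home/EXAMPLE_USER/.htpasswd EXAMPLE_ADMIN
AuthType Basic
AuthName "Restricted admin area"
AuthUserFile /home/EXAMPLE_USER/.htpasswd

# 2) Require BOTH a valid login AND a request from an allowed address range.
#    203.0.113.0/24 is a documentation range; replace it with your own.
<RequireAll>
    Require valid-user
    Require ip 203.0.113.0/24
</RequireAll>

# Apache 2.2 equivalent of block 2 (older hosts):
#   Require valid-user
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.0/24
#   Satisfy All
```

Basic auth only base64-encodes the password, so the admin folder should be reached over HTTPS.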
alex318
Most probably it is the Nucleus CMS that has an exploit. Input "Nucleus CMS exploit" as the keyword on a major search engine like Google or Yahoo and you will get a bunch of results.
attagirl
too bad that everyone on the net is not honest and has honest intentions. As stated above I would be cautious about any yearly hosting plan simply because many people like the opportunity to change hosting plans if they are not happy with one.
Savior
I have paid for a year with GoDaddy.com and I love them.
alex318
QUOTE(Savior @ Jan 20 2006, 03:16 PM)
I have paid for a year with GoDaddy.com and I love them.


It is ok because Godaddy is an established company with quite reliable service.
kiwideals
I offer cheaper hosting plans when paying yearly.
$3 per Gb... I would happily match that, currently I am looking at high-bandwidth sites and charge 9.99 for 20Gb bandwidth (mthly)
so 3 bucks a gig I'd happily accept.
Although I do not own my servers, they are located in a very reliable datacenter, and I have been using them for a long time. I also spread risk across several dedicated servers in different data centers.
anyone could get a dedicated server (usually cost between 200-600 per mth)
with that you would likely get 1000-1500Gb mthly bandwidth, calculated at $3 per Gb if you fill the server that's over $2000 per mth profit with minimal outgoings.
price is never a good way to decide on a good host, even the expensive ones can be dodgy. Go with recommendations from friends, people you know who already have websites, ask them who their host is, and check them out.
Kiwi
sandrodz
kiwideals
it's a wrong place to advertise...yearly plans are scam! never touch them
wasatch9
This is a big problem in a lot of scripts that are out there. I have found numerous holes in HYIP scripts, surf scripts these types of scripts that you have....unless you are a programmer expect something like this to happen.

If someone knows the script, they then know the url to get inside and do some damage. The .htaccess idea is a very good one and should be implemented...

Oh and always back things up somewhere else. We have all lost things because of no back up...

Oh and as others have said, never pay for a yearly plan unless you have had good history with the hosting provider. Personally I would never do a year plan with anyone...but that is just me...
Dannyboyonline
QUOTE(sandrodz @ Jan 13 2006, 07:12 PM)
well, you get what you pay for... 3$ p/m for 1gb is insane low price... anyways, it might not be host but your script - it's impossible to say that either of those is 100% responsible


I have the same offer on my own server, and we haven't had anything but 100% uptime, the main difference is.

If you have a good server! things like this won't happen.

PS: The script might have also been a fault for this, since I see no real reason why a webhost would do this to his clients.

Danny...
sandrodz
Dannyboyonline

sorry, I didn't mean your host - well basically my point is that I have to pay for system admin, I have to pay light/room rental fees / I've to pay energy fees, I've to pay taxes - I have to pay to support employees, I don't know how people can afford host for 1-2$ millions of GB-s! that's just insane... or you are just another reseller.

yes sure, if you are running a good server that won't happen. But the point is that for those low fees you cannot afford good hosting!

yes I also agree that it could also be script's fault
Dannyboyonline
LOL sandrodz let me explain how it works with my company,

We were mainly a local company selling hosting only to our local audience for the last couple of years. Since here in our country hosting is still highly priced, we managed to get a good number of clients who took advantage of our prices and that is why we can afford to sell hosting at very low prices.

sandrodz no need for sorries, we're all discussing here. I know u didn't mean my host, I was just counter-explaining your statement that's all.

Danny...
attagirl
QUOTE(kiwideals @ Jan 27 2006, 09:23 PM)
I offer cheaper hosting plans when paying yearly.
$3 per Gb... I would happily match that, currently I am looking at high-bandwidth sites and charge 9.99 for 20Gb bandwidth (mthly)
so 3 bucks a gig I'd happily accept.
Although I do not own my servers, they are located in a very reliable datacenter, and I have been using them for a long time. I also spread risk across several dedicated servers in different data centers.
anyone could get a dedicated server (usually cost between 200-600 per mth)
with that you would likely get 1000-1500Gb mthly bandwidth, calculated at $3 per Gb if you fill the server that's over $2000 per mth profit with minimal outgoings.
price is never a good way to decide on a good host, even the expensive ones can be dodgy. Go with recommendations from friends, people you know who already have websites, ask them who their host is, and check them out.
Kiwi


This is what many companies do, and I would recommend that if you are very established that you continue to offer discounts to your yearly members. I think that not all yearly hosting plans are a scam. They are established to keep customers a long period of time. But you have to make sure that you have excellent service always and that those longer hosted companies are treated extremely well.

I agree that just because they are more expensive that does not make them better. I think at one time or another most every company that has a site will change hosts for whatever reason. You need to do some work for yourself and ask around, check people out, and see how reliable the hosting place is and not just decide because people tell you that lower prices are crappy.