My website got hacked?
- vitinho444
- Posts: 2819
- Joined: Mon Mar 21, 2011 4:54 pm
My website got hacked?
Hey guys, I went to visit my website www.oryzhon.com, and it turns out all tables are missing from the DB... I checked and they are there, but they seem to be in some kind of ghost mode...
Did I just get hacked or something? What do I do?
- hallsofvallhalla
- Site Admin
- Posts: 12026
- Joined: Wed Apr 22, 2009 11:29 pm
Re: My website got hacked?
Weird, never seen that. So they are there but not there? How can you see them? Through PHPMyAdmin?
- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: My website got hacked?
It seems odd that someone would do that. Typically if a hacker gets that kind of access to your db and they want to just cause havoc, they will drop them.
The indelible lord of tl;dr
- vitinho444
- Posts: 2819
- Joined: Mon Mar 21, 2011 4:54 pm
Re: My website got hacked?
hallsofvallhalla wrote: Weird, never seen that. So they are there but not there? How can you see them? Through PHPMyAdmin?
Yap, I can see the tables in PHPMyAdmin but when I click one it says they don't exist :O
Jackolantern wrote: It seems odd that someone would do that. Typically if a hacker gets that kind of access to your db and they want to just cause havoc, they will drop them.
They could just add in the news something like "You got pwned!" I would laugh a bit

- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: My website got hacked?
vitinho444 wrote: They could just add in the news something like "You got pwned!" I would laugh a bit
If only most crackers were that kind

The indelible lord of tl;dr
- hallsofvallhalla
- Site Admin
- Posts: 12026
- Joined: Wed Apr 22, 2009 11:29 pm
Re: My website got hacked?
make sure your "ib*" example: "ibdata1" exists. They may have been deleted.
- vitinho444
- Posts: 2819
- Joined: Mon Mar 21, 2011 4:54 pm
Re: My website got hacked?
vitinho444 wrote: They could just add in the news something like "You got pwned!" I would laugh a bit
Jackolantern wrote: If only most crackers were that kind
Even if they did something bad, I'm OK with it since there was no harm in doing this, it was just a table with news, users and the devblog

hallsofvallhalla wrote: make sure your "ib*" example: "ibdata1" exists. They may have been deleted.
I'm sorry halls, I don't get it, what do you mean by "ib" and "ibdata1"? I don't have that here in PHPMyAdmin
PS: I checked again and now the tables are gone from phpmyadmin...
Re: My website got hacked?
I would be mad if someone did this to me and did not leave behind some kind of funny message like "Bob sucks at security and should give up now" or something.
Re: My website got hacked?
First off, check on the folders /mysql/data/ most likely, to see if you have the folders/files for the DBs. If not, check Apache logs to see if something came in via web (which I actually doubt).
Also check machine logs to see who logged in from where and when.
*edit to add more
Check also FTP logs. I noticed you have FTP open there; if you have anonymous login allowed, check for the access folders they can reach...
Maybe this might help to check what and where...
(the list of open ports on the server)
[root@oc3438635217 pedro]# nmap -O www.oryzhon.com
Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-09 15:14 CET
Nmap scan report for www.oryzhon.com (5.135.206.18)
Host is up (0.038s latency).
rDNS record for 5.135.206.18: neutrino.tech-hosts-dns.com
Not shown: 983 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp closed ssh
25/tcp closed smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
135/tcp closed msrpc
139/tcp closed netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp closed microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2200/tcp open ici
You laugh at me because I'm different, I laugh at you because you are all the same!
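Added example, not part of any post in this thread: hallsofvallhalla's "ibdata1" check and the data-folder check suggested above, written as a script that explains the "listed but does not exist" symptom. It assumes the pre-8.0 MySQL on-disk layout (one .frm per table, ibdata* at the root of the data directory), treats any table without MyISAM files as InnoDB, and uses constructed database and table names.

```python
import os
import tempfile

def triage_datadir(datadir):
    """Report tables whose definition (.frm) survives but whose storage is gone.

    Assumption: pre-8.0 layout, one directory per database, one .frm per
    table, InnoDB dictionary and shared tablespace in ibdata* at the root.
    """
    entries = os.listdir(datadir)
    has_ibdata = any(e.startswith("ibdata") for e in entries)
    report = {"ibdata_present": has_ibdata, "ok": [], "orphaned": []}
    for db in sorted(entries):
        dbdir = os.path.join(datadir, db)
        if not os.path.isdir(dbdir):
            continue
        files = set(os.listdir(dbdir))
        for frm in sorted(f for f in files if f.endswith(".frm")):
            table = frm[:-4]
            with open(os.path.join(dbdir, frm), "rb") as fh:
                if fh.read(9) == b"TYPE=VIEW":
                    continue  # a view's .frm is text and has no data files
            is_myisam = {table + ".MYD", table + ".MYI"} <= files
            # Assumption: anything that is not MyISAM is InnoDB. Its rows and
            # dictionary entry depend on ibdata*, even when a .ibd file exists.
            usable = is_myisam or has_ibdata
            report["ok" if usable else "orphaned"].append(f"{db}.{table}")
    return report

def build_sample(root, with_ibdata):
    """Constructed sample datadir (hypothetical database 'site')."""
    db = os.path.join(root, "site")
    os.makedirs(db, exist_ok=True)
    for name, body in [("news.frm", b"\xfe\x01"), ("users.frm", b"\xfe\x01"),
                       ("users.MYD", b""), ("users.MYI", b""),
                       ("latest.frm", b"TYPE=VIEW\n")]:
        with open(os.path.join(db, name), "wb") as fh:
            fh.write(body)
    if with_ibdata:
        open(os.path.join(root, "ibdata1"), "wb").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage_datadir(build_sample(tmp, with_ibdata=False)))
```

Run `triage_datadir` against a copy of the real data directory rather than the live one. Tables reported as orphaned still show up in the table list because their .frm files exist, but the server has nothing to open for them.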
Re: My website got hacked?
Hello,
Is it a dedicated server that you host or a web-service?
Also, since there is no message, my assumptions are the following:
1. Someone got you through SQL injection.
2. Some kiddo tried something and accidentally deleted everything and his face turned red.
3. Your DB got corrupted.
4. Someone just decided to not leave a message and cause serious havoc.
Bad luck, mate.
Why so serious?
Business Intelligence, Data Engineering, Data Mining
PHP, HTML, JavaScript, Bash/KornShell, Python, C#, PL/SQL
MySQL, DB2, Oracle, Snowflake
Pentaho, DataStage, Matillion, Unity3D, Blender