Montana Webmaster


About the Hack
About the Restore

INTRODUCTION: was recently hacked with a compromise that is common on sites hosted on Modwest. While a new site is being restored on a different web host, SiteGround, you may be interested to read more about the hack on our Facebook Page. Also, you will see changes to this static site over time while we post about how to create a new WordPress site. Watch the discussion about the hack, the temporary static site and the new WordPress site on our Facebook page.


A little web soap opera for your weekend, episode 3

Before I deleted all the files off the web server, I took a look around. This does not seem to be as sophisticated a compromise as I have seen. Sophisticated or not, it was effective on the Modwest servers.

Notice the top asterisk. The file, dated yesterday, is index.html. Notice that the index.php is still there (the index.php file right below index.html). The hackers did not have to delete or change anything, just add their own file into my hosting space.

The reason the site was showing the bad page (see previous post on this topic) is because of how the web server works. Many of you will recall this from my classes. A web server doesn't know which one of the hundreds or thousands of files that make up your website is the home page. So, you, or your software, has to have a particular file name for the home page; in this case the file is index. That is how the server knows which file is the home page.

But, different types of websites often have different extensions, so the server administrator gives the server a list of file names that might be the home page. In this case, index.html takes precedence over index.php. So, all the hackers had to do was trick the server into taking their index.html file. While the site is actually still intact, the home page shows as their page ... see previous post for a screenshot!