PDA

View Full Version : Strange Things happening to my website



NOTTNICK
11-12-2013, 01:58 PM
I have a site for my ceilidh / Barn Dance band.
I have never had that many hits - enough to bring in a bit of work, in the 100s per week maximum.
However, recently it has been oveloading the bandwidth.
I have had over 600,000 hits lately, from all over the world (over 50 countries).
All on IE6 as well.
Something isn't right.
I can't even log onto it today to check the latest stats.- my bandwidth allowance is exceeded.
There are no large images - not too many pages, all fairly compact.
Can anyone suggest what I can do?
What might be happening?
Advice appreciated.
Nick

Wozcreative
11-12-2013, 02:48 PM
Could be some kind of malware virus. I suggest contacting your hosting company first and foremost to get control of your hosting account since you cannot log in.

Harold Mansfield
11-12-2013, 02:58 PM
I have a site for my ceilidh / Barn Dance band.
I have never had that many hits - enough to bring in a bit of work, in the 100s per week maximum.
However, recently it has been oveloading the bandwidth.
I have had over 600,000 hits lately, from all over the world (over 50 countries).
All on IE6 as well.
Something isn't right.
I can't even log onto it today to check the latest stats.- my bandwidth allowance is exceeded.
There are no large images - not too many pages, all fairly compact.
Can anyone suggest what I can do?
What might be happening?
Advice appreciated.
Nick

Sounds like one of 2 things. You've been hacked, or a script on your site is running rogue and maxing out the server. Or both.
I'm no server security expert but it sounds like your site is being used as a proxy for something or is experiencing a DOS attack.
It's also possible that it's not your site, but a site on the server where your site is hosted.

If you are on shared hosting it is likely that your hosting company will send you a notice about it.

Who are you hosted with? And are you on shared hosting?

jimr451
11-13-2013, 07:06 AM
I agree that you've been hacked. You should have your hosting provider shut down the site and help you clean the site. Or hire someone to clean up your site and assess the vulnerabilities.

-Jim

Freelancier
11-13-2013, 08:09 AM
It could be the other way as well. One of my sites racked up nearly 50 GB of inbound traffic last month... from a site that gets maybe 1 visitor every month. What was going on was a hacked computer was attempting to DOS attack it. I had my hosting company look into it and they were able to find the computer that was causing the problem (it was another computer in they host) and shut it down and then they instituted firewall rules they should have done in the first place to protect our server from that.

Best bet is to talk with your hosting company, because they're supposed to be the infrastructure experts.

cbscreative
11-13-2013, 04:32 PM
The fact that your site is small doesn't stop hackers from wanting to mess with you, if anything, all the more since security levels are often low enough to make it easier for them. It sounds like mischief.

I agree with others to see if you can resolve it with a hosting company support ticket. They have access to logs and the expertise to deal with the issue.

Once resolved be sure to change your password on the hosting CP. Many hosting companies have built in password strength indicators. A good rule of passwords is a minimum of 8 characters using upper case, lower case, numbers, and symbols. Also be sure not to use birthdays, kids names, or other things that can be guessed. I also like to use formulas to make them easy to remember.

For example, maybe: ThisB@RNdanceBandD0esn'+1ikeH@ckers

Actually, now I wouldn't recommend using that but you get the idea.

You didn't mention whether or not your site uses WordPress. If it does, install the Better WP Security plugin.

NOTTNICK
11-13-2013, 06:13 PM
Thanks for all this.
Yes it is Wordpress.
I'll get onto the Host for support.
I was with another host and moved the site because the bandwidth was blitzed, hadn't worked out why before. It does mean I've carried the problem along with me!
Password was reasonable and completely random, not anything stupid, but certainly nothing has been suggested. Makes sense to change it to something much more substantial, wouldn't have guessed that anyone would even want to consider messing with the site. maybe someone just doesn't like dancing!
I posted an earlier reply a few hours ago, but it hasn't appeared in the thread, don't know why.
Nick

patrickprecisione
11-14-2013, 10:36 AM
Maybe your website is haunted? Have you recently unearthed an ancient Indian burial ground or stolen an amulet from a mummified corpse?

NOTTNICK
11-21-2013, 02:36 PM
Still not fixed - but it is being worked on.
Hits down to about 3000 per day.
Very strange though - I am third in Google rank, but the search now directs to a sub-page on my site that doesn't exist! (Still has header and links working, but just a few photos and the words
USOWALL - followed by my tags.
I certainly can't find it in my wordpress administration.

It has the normal URL but then it is prefixed with the word usowall- followed by my hyphen separated tags.
If you google search for barn dance nottingham you'll see it there
Any ideas anyone?

Harold Mansfield
11-21-2013, 03:00 PM
You said it's being worked on, correct?

NOTTNICK
11-21-2013, 04:06 PM
Got some help - upgrading security, limiting access from ie6, blocking ranges of malicious IPs. Have only just discovered the google link to this strange page!

smartlink
11-30-2013, 02:39 AM
Still not fixed - but it is being worked on.
Hits down to about 3000 per day.
Very strange though - I am third in Google rank, but the search now directs to a sub-page on my site that doesn't exist! (Still has header and links working, but just a few photos and the words
USOWALL - followed by my tags.
I certainly can't find it in my wordpress administration.

It has the normal URL but then it is prefixed with the word usowall- followed by my hyphen separated tags.
If you google search for barn dance nottingham you'll see it there
Any ideas anyone?

Give google about 5 days to resync the new pages. You can always go on google analytics and see how google sees your page, maybe request a new spider to check your website. Which gadgets do you have? Could be a hacked gadget. Wordpress is pretty hard to hack, unless it's outdated or a gadget you have is malware.

As for the hits. It can be three things.

1. You ranked up for a keyword and you experienced a ton of traffic.
2. You have an outdated version of wordpress/ theme/ gadget. Or simply a gadget you have is malware.
3. You were hit by a Ddos. Check this link. Denial-of-service attack - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Denial-of-service_attack)

Contact your hosting company to find out the details. Let us know what happened.

NOTTNICK
12-04-2013, 01:05 PM
BIG PROBLEM!!!
A big improvement down to reasonable hits - then today......

Website comes up with a completely different page - says

HACKED it is all in Turkish saying AYYILDIZ TIM with pictures and graphics.

Can't get onto admin page - same thing happens.
No web site at all now!
I have someone helping me with the site, he's been sorting the hosting for me and has sorted the initial problems.
Trouble is, he's away in South Africa.
Has anyone encountered this?

billbenson
12-04-2013, 01:36 PM
My shared host was hacked once and every page named index on the server had some page in Arabic replacing it. It might not just be your site. Contact your host.

cbscreative
12-04-2013, 01:37 PM
I've seen it happen yes. Your problem is probably two-fold. First, your password was most likely weak, and second, the security for the hosting was probably lacking. Get a different host.

Harold Mansfield
12-04-2013, 01:40 PM
Yep, you've been hacked. It's some kind of protest against their government control of the internet and prosecuting journalists. I don't know how hacking other people's sites does anything other than just being malicious, but it's been going around for years.

Apparently your site has a some huge security holes, or your hosting company is crap.

NOTTNICK
12-05-2013, 03:13 PM
People at TSOhost - very helpful.
Initiall thought they could restore to a backup they held.
Unfortunately they couldn't.
The scripts running on the site meant that they had to block it completely, so the site has been offline for 24 hours.
Person helping with site got back from S.A. today and has restored a backup.
Now waiting for host to release the site. Fingers crossed that it will be sorted.
Acquaintance tells me that he knows of other function bands that have been hit by same hackers!
Thanks for interest / advice from forum members - it has helped me feel a bit less isolated and less anxious.

FlyPizzaGuy
01-31-2014, 04:44 PM
Remember that Windows and Internet Explorer are like brother and sister. There is always a loophole going to be open in IE 6, 7, 8, 9, 10. As a network specialist I would definitely stay away from using IE period until you see everyone saying that IE is secure enough to use now. Just my opinion. I don't use it and as a matter of fact, I uninstalled it from my computer and it seems to work 10 times smoother.

A rundown of your server environment could definitely help also. Do you know these specs? If so, could you post them and after you have done so, I will try and better analyze what may be going on by suggesting some things you may need to download or reconfigure seeing if the suggestions fix your problems. Are you hosting the website yourself in house or do you have free or paid web hosting?

Robert Stafford
01-31-2014, 08:14 PM
You're vulnerable. I recommend consulting with your respective host in order to solve the issue. It may be a competitor attempting to spite you for your success.

FlyPizzaGuy
02-01-2014, 02:39 AM
You're vulnerable. I recommend consulting with your respective host in order to solve the issue. It may be a competitor attempting to spite you for your success.

Very much possible these days. Also could be SQL injection if your running a database. Like a side door getting into your SQL database.