I got back from Cellardyke tonight to discover that my site had been hacked once again. This time I didn’t delete the files they’d dumped on my server; I’ve zipped them and sent them to my webhost for examination.
I’m now wondering if they’ve used a Linux kernel exploit to gain root access to the server. That’s pretty serious stuff, and if that is the case then I do hope my webhost get the kernel patched asap. If it’s not, then I hope they help me get to the root of this problem.
I’ve just sent an email to my webhost, HostEurope/Pipex, to ask if they can shed any light on how/why my website got hacked. This morning I received this email, written at 19:42 last night:
Check this address – some one has invaded your site
and sure enough, my website front page had been replaced with a two word plain text file that read “F*ck .uk” (but with no asterisk).
I’ve now replaced the offending/offensive page with my original page and will await to see if Pipex can shed any light on how or why it was hacked, and what I (or they) can do to prevent this in the future.