How should I fix a website that has been hacked by someone?

  • These script kiddies nowadays use ready-made scripts coded in PHP. Such a script is known as a shell. These shells may be used by these kiddies for symlinking as well as for playing around with your website's contents.
  • Many such coded scripts (shells) are available online; one of the most popular is C99.php (google it). Now, you have to detect this shell and get it removed. Some of them have the ability to work in the background without getting detected (stealth mode).
  • They may have uploaded it using the cPanel of your website. That means your admin panel may have some vulnerability which gives unauthorized access, or your website may be vulnerable to other attacks like XSS.
  • They have made changes to your index.php. Replace it with your own code (if you have a backup) and get that shell deleted from the server. This is what a typical C99 shell backdoor looks like:
[Image: C99 shell screenshot. Image source: Google]
  • One can simply access this shell after uploading it. For example, if I have uploaded a shell in some directory on your website, I can access it as www.mywebsite.com/directory/c99.php.
  • First of all, detect the vulnerabilities in your website and get this shell removed. A shell gives complete access to your website.
  • Replace the current index page with yours.
  • I hope these Pakistani script kiddies have not done any more harm to your website other than just replacing the index of your website with their index.
  • Refer to these links for more information:
  1. Web Shell Detection Using NeoPI - InfoSec Resources
  2. how i can detect and disable C99 shell?
  3. Security from C99shell.I
  4. How to Remove Backdoor.PHP.C99Shell Quickly and Easily
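
One way to do the detection step described above, as an added example that is not part of the original answer: a Python scan of a web root that flags PHP files for manual review. The indicator patterns, the entropy threshold and the sample files are assumptions constructed for illustration; a match is a lead to inspect, not proof of a backdoor.

```python
import math, os, re, tempfile, time
from collections import Counter

# Heuristic indicators (assumed, not exhaustive): code-execution and
# obfuscation constructs that PHP web shells commonly rely on.
PATTERNS = {
    "eval-of-decoded-data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command-execution": re.compile(rb"\b(shell_exec|passthru|proc_open|popen|system)\s*\(", re.I),
    "input-to-eval": re.compile(rb"(eval|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "known-shell-name": re.compile(rb"c99\s*shell|c99sh", re.I),
}
PHP_EXT = (".php", ".phtml", ".php5", ".inc")

def entropy(data):
    """Shannon entropy in bits per byte; packed or encoded payloads score high."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(docroot, recent_days=7, entropy_limit=5.5):
    """Return {relative_path: [reasons]} for PHP files worth manual review."""
    findings, cutoff = {}, time.time() - recent_days * 86400
    for root, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = [label for label, rx in PATTERNS.items() if rx.search(data)]
            if entropy(data) > entropy_limit:
                reasons.append("high-entropy")
            if reasons and os.path.getmtime(path) > cutoff:
                reasons.append("recently-modified")  # changed within recent_days
            if reasons:
                findings[os.path.relpath(path, docroot)] = reasons
    return findings

def demo():
    """Build a constructed two-file web root in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        samples = {  # constructed sample content, harmless when decoded
            "index.php": b"<?php echo 'Welcome'; ?>",
            "uploads/img.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return scan(root)
```

Run `scan()` against a copy of the web root and compare every flagged file with your backup before deleting anything.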
