I have created a website using Moodle and hosted it on a web server, but one fine morning I found it hacked. The site's index.php file is overwritten by:
pwned By Mor-r0ver + Wizardz at email com +
gr33tz to aLL friendZ
I find the above message when I visit the site. How can I reactivate the site without losing the content and database connectivity?
I also found that a number of websites using LAMP technologies are now being hacked. Searching for the above message through Google or another search engine will display different sites.
Is there any solution to protect the site?
Security is very much a "from the ground up" issue. It's unlikely that the source of your problem is the actual Moodle code, as the Moodle folk take security very seriously and it is not a big target, so fewer people are trying to compromise it. Why target Moodle when, if you can break into the web server, OS or scripting language, you can take over Moodle from there?
The chances are that the hackers just put up the boast notice and did not actually change the data underneath. There is a good chance that they know almost nothing about Moodle itself, just the significance of an index.php file.
Ya! My site is running on Linux and hosted through an ISP. I do not say the hackers might have targeted Moodle, but somehow they managed to intrude and change the index.php file. The hackers might have rooted through the OS. I do not know for sure. All I want to know is how to set my site right and a way to know, so that hackers do not change index.php again.
If you search the internet, you will find many other targeted sites. I believe index.php is the file that is being targeted.
/home/youraccountname/logs with the most current log possibly being called access_log. If you have shell access (command line) there is a unix command called tail and that will show you the end of the file instead of loading a huge file up in an editor. If you don't have shell then you might be able to download the log via ftp and browse through it locally.
There is no guaranteed way to recover a site from an attack, I am afraid.
If your site was not hacked through Moodle and no database changes were done, then deleting all files from your web hosting account and uploading a fresh CVS nightly/weekly should help.
If you have a full database dump from before the accident, you should restore it. If you are running your own server, a full OS reinstall is sometimes recommended too.
In any case, taking a snapshot of the database and all files is highly recommended, otherwise there is no way to investigate the incident later.
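An added example, not written by any poster in this thread: following the advice above to read the access log and to keep a snapshot for investigation, this Python script pulls the requests logged in the 30 minutes before the defaced index.php was written and lists those that could change server state. The log lines, addresses, paths and the modification time are constructed, and the Apache common/combined log format is an assumption about the host.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined format: host ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return a dict for one access_log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["ts"], TS_FORMAT)
    except ValueError:
        return None
    return rec

def requests_before(lines, modified_at, window_minutes=30):
    """Requests logged in the window that ends when index.php was modified."""
    start = modified_at - timedelta(minutes=window_minutes)
    return [r for r in map(parse_line, lines) if r and start <= r["time"] <= modified_at]

def state_changing(records):
    """Keep requests that can change server state: anything but GET/HEAD."""
    return [r for r in records if r["method"] not in ("GET", "HEAD")]

def by_client(records):
    """Count requests per client address, most active first."""
    return Counter(r["ip"] for r in records).most_common()

# Constructed sample lines (documentation addresses, invented paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2007:02:10:05 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2007:03:41:12 +0000] "GET /example/upload.php HTTP/1.1" 200 310
198.51.100.7 - - [12/Mar/2007:03:41:40 +0000] "POST /example/upload.php HTTP/1.1" 200 95
garbage line that is not a log entry
""".splitlines()

if __name__ == "__main__":
    # Assumed mtime of the overwritten index.php, taken from the snapshot copy.
    mtime = datetime.strptime("12/Mar/2007:03:41:55 +0000", TS_FORMAT)
    window = requests_before(SAMPLE_LOG, mtime)
    for r in state_changing(window):
        print(r["ts"], r["ip"], r["method"], r["path"])
    print(by_client(window))
```

Run it against the snapshot copy of the log rather than the live file, and widen the window if the file's modification time may not be the time of the first intrusion.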