Domain redirected??? Hijacked???
actionsnaps
5-11-06, 02:05 AM
All three of my domains are now being redirected to http://www. mavideniz .org/ WTF??? My main domain is www.taneuberger. com. Since Powweb is closed, I thought I would start here. Any ideas? Not sure how long this has been this way either.
Check/change passwords, look at logs for changes to the 'normal' pattern for your sites, change the .htaccess file back to a backup version.
At a guess, you've got a forum or some such software installed and haven't kept it up to date so an exploit has been used to re-write something to cause this.
actionsnaps
5-11-06, 04:18 AM
Check/change passwords, look at logs for changes to the 'normal' pattern for your sites, change the .htaccess file back to a backup version.
At a guess, you've got a forum or some such software installed and haven't kept it up to date so an exploit has been used to re-write something to cause this.
Sorry, not that website savvy to understand how to do what you have said. I have no forum software installed, it's just a photography site.
Are you creating your own pages with the photos or are you using some software on the server?
actionsnaps
5-11-06, 04:24 AM
I have all of 6 or 7 pages, three of them with Simpleviewer (flash gallery) embedded. One page has a JS slide show (my main page) and the others are just text.
Can you post your current .htaccess file here, (if you have one)? Also change ALL passwords (e-mail included) to do with Powweb and your domain.
Do you have more than one domain on your package?
actionsnaps
5-11-06, 06:19 AM
Well, it was HACKED. Don't these people have anything better to do???? I got home and accessed my "new" index page and opened it locally. Says HACKED BY iSKORPiTX
(TURKISH HACKER)
So, I hope he didn't mess with too much of my stuff. Gonna change my passwords and put my original Index back up.
actionsnaps
5-11-06, 06:23 AM
Here is what the .htaccess file reads now (I don't even know how to get it back to normal)
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName actionsnaps.net
AuthUserFile /www/d/omain.net/htdocs/_vti_pvt/service.pwd
AuthGroupFile /www/d/omain.net/htdocs/_vti_pvt/service.grp
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_HOST} terryneubergerphotography.com
RewriteCond %{REQUEST_URI} !tnp/
RewriteRule ^(.*)$ tnp/$1 [L]
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} terryneubergerphotography.com [OR]
RewriteCond %{HTTP_HOST} taneuberger.com
RewriteCond %{REQUEST_URI} !tnp/
RewriteRule ^(.*)$ tnp/$1 [L]
This looks normal to me - the redirection must be being done elsewhere. Look at the date on your index file (in htdocs, via FTP) to see when it was last altered.
(Oops - missed your post saying it was changed.)
The best way (IMO, for a simple site) to undo this is to republish your site from your locally held backup after deleting as much as you can - (make a backup of the defaced site, just in case).
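Added example, not part of the original thread: one way to carry out the checks suggested above, comparing a downloaded copy of the live site against the local backup by hash and listing any redirect or rewrite rule in .htaccess that points off-site. The directory names, file contents and the host example.org are constructed sample data, and `own_hosts` is an assumed parameter.

```python
import hashlib, os, re, tempfile

# Directives that can send visitors to another site (mod_alias / mod_rewrite).
EXTERNAL = re.compile(r'^\s*(Redirect\w*|RewriteRule)\b.*?\bhttps?://([^/\s"\]]+)', re.I)

def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under root."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare(backup_root, live_root):
    """Return (changed, added, removed) relative paths, live copy vs. backup."""
    good, live = tree_hashes(backup_root), tree_hashes(live_root)
    changed = sorted(p for p in good.keys() & live.keys() if good[p] != live[p])
    return changed, sorted(live.keys() - good.keys()), sorted(good.keys() - live.keys())

def external_targets(htaccess_text, own_hosts):
    """List (line_no, host) for redirect/rewrite rules that point off-site."""
    hits = []
    for n, line in enumerate(htaccess_text.splitlines(), 1):
        m = EXTERNAL.match(line)
        host = m.group(2).lower() if m else ""
        if m and re.sub(r"^www\.", "", host) not in own_hosts:
            hits.append((n, host))
    return hits

def demo():
    """Build two constructed trees (backup vs. tampered live copy) and check them."""
    good = "RewriteEngine On\nRewriteRule ^(.*)$ tnp/$1 [L]\n"
    bad = good + "Redirect 302 / http://www.example.org/\n"  # constructed off-site rule
    trees = {"backup": {"index.html": "<h1>Photos</h1>", ".htaccess": good},
             "live": {"index.html": "<h1>defaced</h1>", ".htaccess": bad,
                      "extra.html": "not in backup"}}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            os.makedirs(os.path.join(tmp, tree))
            for name, body in files.items():
                with open(os.path.join(tmp, tree, name), "w") as fh:
                    fh.write(body)
        diff = compare(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))
    return diff, external_targets(bad, {"taneuberger.com"})

if __name__ == "__main__":
    print(demo())
```

On a real site, point `compare` at the local backup folder and an FTP download of htdocs; anything reported as changed or added is what to inspect before republishing.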
actionsnaps
5-11-06, 06:43 AM
I've gone through some of it and it looks like he only changed the .htaccess and all the index pages. Here is the .htaccess I have saved, does it look right?
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName actionsnaps.net
AuthUserFile /www/d/o/main.net/htdocs/_vti_pvt/service.pwd
AuthGroupFile /www/d/o/main.net/htdocs/_vti_pvt/service.grp
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_HOST} terryneubergerphotography.com
RewriteCond %{REQUEST_URI} !tnp/
RewriteRule ^(.*)$ tnp/$1 [L]
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} terryneubergerphotography.com [OR]
RewriteCond %{HTTP_HOST} taneuberger.com
RewriteCond %{REQUEST_URI} !tnp/
RewriteRule ^(.*)$ tnp/$1 [L]
actionsnaps
5-11-06, 07:03 AM
All appears OK now. Went through my folders on the server and none but the .htaccess and a couple index pages show modified anytime recently. I am now able to access my site with the exception of two pointer domains not working. I will call Powweb tomorrow (or later today I guess, it's very early here) and get them going.
Powweb will probably just tell you to post in the forums, they don't support .htaccess directly.
I can see you have
RewriteEngine On
RewriteBase /
in the file twice, remove the last entries.
Also,
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
seems redundant - the fourth line here (allow from all) seems to negate the deny from all. Try removing the allow from all to see if it breaks the site. If it doesn't, then leave it out.
(I don't really understand .htaccess commands, so maybe I'm wrong and should shut up - but no-one else is here to offer suggestions to try :D)
actionsnaps
5-11-06, 07:54 AM
Yeah, making those changes didn't allow me access. I meant I was going to contact Powweb because I just registered a domain a couple weeks ago and added it as a pointed domain, but it's not working yet. And the other one that used to work, just takes me to my "parent directory" thing, not the website. I believe they should be able to help me out with this.
Any domain registered a couple of weeks ago should be working by now.
However, have you included the domains in your .htaccess file?
actionsnaps
5-11-06, 03:27 PM
Have not included them in the .htaccess, but then I have never edited that for them to work. I just use the ops page and add the pointer domain. I assumed Powweb did this somehow.
I checked with some people today that are a lot more computer savvy than me and they said the reason I was probably hacked had nothing to do with my passwords or my website, it was the host server. They also told me once I've been hacked, I should look for hosting elsewhere because the host I'm with is prone/easy to hack.
tbonekkt
5-11-06, 03:33 PM
You're using FrontPage extensions which have well-known vulnerabilities. I'm betting that's how they got to your site. If I were you, I'd try to migrate away from FrontPage.
I checked with some people today that are a lot more computer savvy than me and they said the reason I was probably hacked had nothing to do with my passwords or my website, it was the host server. They also told me once I've been hacked, I should look for hosting elsewhere because the host I'm with is prone/easy to hack.
Well I'd look for people more savvy than those. The software you use (such as forums and FP extensions) is the common route into sites. The purpose of changing passwords wasn't because they got in that way. Once they got in, password files could be downloaded and decrypted.
Another common route is guessed passwords. Passwords shouldn't be words, should contain upper and lower case characters and should be changed regularly.
A friend uses the first letter of each word in favourite song titles - with numbers thrown in for good measure. To remember passwords, he remembers the song titles.
actionsnaps
5-11-06, 03:50 PM
OK, I don't use Frontpage anymore. My new site was built with Dreamweaver. Where should I post to find out how to get rid of the FP stuff??? Or could I just delete it?
You can 'uninstall' FP extensions inside OPS.
Anything left over can be deleted.
actionsnaps
5-11-06, 04:32 PM
I was hacked this week and I was wondering if anyone else hosted here was. I want to determine if it was just ME that was targeted (which I highly doubt) or if it was Powweb's servers and others were hit.
BerksWebGuy
5-11-06, 04:42 PM
Most of the time (if not all the time), the reason a site got hacked was a vulnerability in your site. This could be a script, including older versions of forum/blog/cms scripts, or bad permissions somewhere. Always remember to get the latest releases of software and to change your passwords.
I was hacked this week and I was wondering if anyone else hosted here was. I want to determine if it was just ME that was targeted (which I highly doubt) or if it was Powweb's servers and others were hit.
As we've already established you don't run blogs etc, the installation of FP extensions came up as the most likely culprit. Many sites on Powweb use FP extensions, so if it had been an attack on Powweb servers then you'd have seen many more questions in here. It is likely that your site was targeted, because of the FP extensions, randomly.