How do they Highjack a site?

[hcdarkmage]

Funny thing happened over the Thanksgiving holiday . . . my company's website was highjacked.  I personally didn't see it happen, mostly because I never go to the site on my days off, but I was told by my manager that another company made it so that anyone who typed in our web address was sent to a completely different site.

 

How did they do that?

 

I'm a little sketchy on the details, mostly because I am the "fix-it" programmer (one that fixes little details in the site, not code the whole thing).  The main "Guru" told me little about what happened, but I found out when I tried to make changes to our phpMyadmin using my login and it told me I was locked out.  He also told me that he locked everyone out.

 

Is it possible to prevent this from happening again?  Like I said, I don't know who, what, why or how they did it, but I would like to make sure it doesn't happen again.

[Azu]

If it's DNS poisoning, there's not much you can do other then have your users access your website directly by IP instead of domain name.

 

Although I think it's more likely that they simply found an exploit in a PHP script or something and used it to put a redirect into your HTML.

[Crew-Portal]

Or if your company site used a CMS they may have found a weakness and made your page look like thiers and change the likes to redirect to the links on thier site

[Azu]

simply found an exploit in a PHP script or something