Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
0 + 4 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Help! Hacked :-(
by gmarchis on 2007/4/12 18:38:38

Hi:

My site was hacked this week.
all i can see is:
HaCkEd By every-thing@hotmail.fr

My site is http://www.managementynegocios.biz.

I really dont have a clue on what to do. Can anyone help me please?

Tanks

Gustavo
Re: Help! Hacked :-(
by peterr on 2007/4/9 5:21:54

Quote:

ladysham wrote:
I was hacked also. Didn't really see anything until I went and looked at the blocks. The hacker was able to insert a custom block into my XOOPS with a redirect to his website.

For the moment, I've shut down my website to see what I want to do.


Whilst my site wasn't hacked, they were trying to run a script from another site, fortunately the web server security was tight enough to send them a '403' (forbidden).

They did manage to pass some SQL code though, and I tried it myself, after finding out what it did. To my surprise I could see the username and password, although the password was encrypted.

The sites that were hacked, possibly don't have 'strong" passwords ???

I may take a look at the login file, user.php, and see if it is 'easy' to restrict access the my IP address only, that way no one else would be able to login.

Peter
Re: Help! Hacked :-(
by ladysham on 2007/4/9 2:19:46

I was hacked also. Didn't really see anything until I went and looked at the blocks. The hacker was able to insert a custom block into my XOOPS with a redirect to his website.

For the moment, I've shut down my website to see what I want to do.

Kelly Ling
Re: Help! Hacked :-(
by davidl2 on 2007/4/7 9:58:59

Quote:

JMorris wrote:
WF-Section is an old module that is no longer supported, as far as I know. As such, any security vulnerabilities are not being watch and/or patched as quickly as more active projects such as SmartSection.

My recommendation would be to migrate to SmartSection as it's development and support is quite proactive.

HTH.

James


This is very true - although Catzwolf (aka John_N) has said that he will try and release a more secure version of this module shortly... however as he has other projects, I would suspsect this will not be updated as regularly as SmartSection or Phppp's "Article" module.

(I think Phppp's Article module has an import script for WF-Section 1 & 2 as well?)
Re: Help! Hacked :-(
by winnesoup on 2007/4/7 8:53:06

Quote:

mpowell wrote:
OK.

I found the information in the database - config footer and config metadata - that had been corrupted.

However, even after erasing this information in the database I still get the islamic message.

What am I missing?


Just clear the contents of your templates_c and cache directory. Then do a refresh on your page.

Who's Online

208 user(s) are online (164 user(s) are browsing Support Forums)


Members: 0


Guests: 208


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits