1
ashlyn
Re: Help with Protector (came with 2.3.2 fresh install)
  • 2009/2/18 6:55

  • ashlyn

  • Just popping in

  • Posts: 8

  • Since: 2006/5/23


Thank you kindly. The penny finally dropped and I now can no longer see the NG image, and the link gives a 404 page. Step one defeated. I was confused as to where and what document root was. I've learned something new today!

My mainfile is now patched, ok, and happy.

Only one small thing left.

The 2 links at the bottom of the Security Advisory page are this:

Contaminations:
http://www.mysite/pages/index.php?xoopsConfig%5Bnocommon%5D=1

Isolated Comments:
http://www.mysite/pages/index.php?cid=%2Cpassword+%2F%2A


The second link just takes me to my homepage. I'm assuming this is ok?

The first link takes me to a blank page with only 1 line of text saying "Protector detects attacking actions". I'm assuming this is NOT ok? Is that because of the ('allow_url_fopen' : on Not secure) part? I am on a shared server, so this might not be an easy thing to fix.


Thank you so much for your help. You've been an angel.





2
ashlyn
Help with Protector (came with 2.3.2 fresh install)
  • 2009/2/17 11:54



I'm a little lost. I installed Protector as a module, as it came with v.2.3.2. Correct folders etc.

Getting the following nasties in the Protector module:

'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.

I can see the NG image in Security Advisory. The whole XOOPS_TRUST_PATH thing has me stumped. Is there a tutorial for this?

'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.

Will speak to admin about fixing this.

'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.

It's set to 444. Is there something I missed?

I did not understand the readme properly, and got way lost on the whole Trust Path thing. Any help for this dummy would be much appreciated.

Thanks
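
Added example (not part of the original post, and not Protector's own code): a local check that mirrors the XOOPS_TRUST_PATH advisory quoted above. It reports whether the trust path lies outside DocumentRoot or, if inside, whether a deny-all `.htaccess` sits directly under it. The function name `check_trust_path` and the paths passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Classify where XOOPS_TRUST_PATH sits relative to DocumentRoot.
# Both paths are supplied by the operator; nothing is read from XOOPS itself.

# check_trust_path DOCROOT TRUST_PATH
# Echoes one of: outside | inside-denied | inside-exposed | missing
check_trust_path() {
    # Resolve symlinks so a linked directory cannot hide its real location.
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo missing; return 2; }
    trust=$(cd "$2" 2>/dev/null && pwd -P) || { echo missing; return 2; }

    case "$trust/" in
        "$docroot"/*) ;;                  # trust path is under the web root
        *) echo outside; return 0 ;;      # best placement per the advisory
    esac

    # Second-best option: .htaccess with DENY FROM ALL just under TRUST_PATH.
    # "Require all denied" is the Apache 2.4 spelling of the same rule.
    ht="$trust/.htaccess"
    if [ -f "$ht" ] && grep -Eiq \
        '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' \
        "$ht"; then
        echo inside-denied
        return 0
    fi

    echo inside-exposed
    return 1
}

# Run directly as: sh check.sh /path/to/docroot /path/to/trust_path
if [ "$#" -eq 2 ]; then
    check_trust_path "$1" "$2"
fi
```

A result of `inside-denied` only shows the file is present; the server must also honour `.htaccess` overrides, so the 404/403/500 response on the Security Advisory link remains the authoritative test.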



3
ashlyn
Re: How do I change the location of xoops_lib and xoops_data?
  • 2009/2/17 11:44



I just did a fresh install of v.2.3.2 and changed the actual directory names to something entirely different. It gave me the option to change those names in config during install. No problems whatsoever.



4
ashlyn
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 8:58



Thanks Mamba and Ghia.

I'm just gonna bite the bullet and redo the whole site with the updated versions + Protector.

Understanding how the hacker got in is the main thing. I have no idea how, or when (it was at least 1 month ago. I'm the webmaster and site admin, but I don't participate that often). No idea where to start looking.

Thanks again for your help, both of you.



5
ashlyn
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 6:31



Xoops version 2.0.13.2
Pages module version 1.5
FAQ module version 1.1
Forum version 1

Don't know what Protector is, so obviously I don't have it installed.
** edit - downloading v 2.5 now.
(will this work if the site has already been messed with?)

This script kiddie has locked me out of just about the whole site. I can edit in the database, but not via the site admin. Users (and admins) can't submit news, forum posts, events etc. Admin panel link icons are missing in the left of the page, so I can go nowhere normally (have to go to modules then the desired one)

Thanks again for any tips you can give.



6
ashlyn
"Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/27 12:14



Got hacked, and the guy only created one page on both modules, then linked to it, leaving all the previous info there, but with line breaks enabled, so it broke the pages.

Could not edit anything in admin, so had to go into the database and do it manually.

Now cannot edit anything in admin due to "Error while updating database!" OR "Could not add contents"

Although I've fixed it manually, I'm sure it's vulnerable to another attack. Is there a fix for this, without having to redo the whole site?

Thanks for any tips.

** Add

Just about the whole site is busted. Can't get any icons in the admin panel, and when I try to go to the control panel it keeps telling me this is my first time, and reloads the page when I try to log in. (checked cookies, exceptions etc. with no luck)

Can't post to the forum, nor news articles.
I guess a complete redo of site might not be out of the question. Does this mean the database is corrupted too?



7
ashlyn
Re: Changing date format?
  • 2006/5/23 16:48



Thank you



8
ashlyn
Changing date format?
  • 2006/5/23 13:52



I've got XOOPS working just fine (so far) but because I'm making a site for Australians, all the dates are backwards. Is there any way to change them around?

I've looked in a few files, but couldn't see anything that really jumped out at me.

Thanks for any tips



