1
irmtfan
someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/15 18:39

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


my site hacked by someone with fake page & now i clear from webmaster & even users.
i disconnect database by delete database user.
unfortunately i forgot to take a back up from my database because site had been on only for 4 days.
what can i do now for reture my site ?
is there any way?
i lost my admin in site only but i have cpanel & ftp yet.
plz answer soon thank u

2
Herko
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/15 18:48

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


Can you tell us what happened exactly? If you don't have a full backup to restore, and you've removed parts of the database and files, then there isn't much we can do. Otherwise I'd put the backup back, change the site passwords and get the site back up.

But to determine how and why your site was hacked, we need much more information on the situation and what exactly happened.

Herko

3
meme
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/15 20:45

  • meme

  • Quite a regular

  • Posts: 271

  • Since: 2002/12/10


be sure your server not hacked

there is about 40 servers hacked with all there hosting customer

ask your webhosting about this problem

4
irmtfan
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 4:38

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


i found now this problem is my fault to get access to some persons & one of them delete my user name.

i going to cpanel & delete username of my database to close access to my site then now i cant drop my database because the phpmyadmin said: "Wrong username/password Access denied"
even when i create the same user name & pass to my database.

now i want to keep a drop from my database what can i do?
help me i dont know any about MySQL & tables

5
GoFuYo
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 4:46

  • GoFuYo

  • Just popping in

  • Posts: 8

  • Since: 2003/12/16


Just posted this in the 'other' 'i got hacked and now' thread:

I would in case of such an event, not only delete the changed files. How do you know, btw. WHAT the HaCKorZ have EXACTLY done ?
Logfiles analyzed? Checked for RootKits? Checked SUIDs, IDs, checked Ports etc.? SYSADMIN or PROVIDER of your account informed ?

Most often the HaCKorZ leave themselves a backdoor, if possible and an autorooter used. This is one cause for these 'shame' Redefacements.

BTW. seems that these guys have 'nuked' again most php-Nukes's and clones. Maybe again some injections or exploit, but not gone so far yet.

See http://www.zone-h.org/en/defacements and for these guys
http://www.zone-h.com/en/defacements/filter/filter_defacer=Ir4dex/ and after reupsetting their sites (the defaced ones) what you see php-Nuke.s and Clones ...

But i would normally take EXTREM care what's up with your account, maybe even reinstall. Call me paranoid :)

Just my 2cents.

6
Bazus
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 4:52

  • Bazus

  • Not too shy to talk

  • Posts: 144

  • Since: 2002/9/23


Quote:
Most often the HaCKorZ leave themselves a backdoor, if possible and an autorooter used. This is one cause for these 'shame' Redefacements.



The problem whith this hacker coming back to do more damage is a big problem, mainly in XOOPS hosted (not run localy). The responsability to patch the server is in the hands of the webhosters but we can't do much about it.


7
irmtfan
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 4:59

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


i only want to keep a backup from my database that i delete it's user name but with phpmyadmin i cant connect to my database what can i do to take a backup?

8
GoFuYo
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 5:04

  • GoFuYo

  • Just popping in

  • Posts: 8

  • Since: 2003/12/16


Yes, if you have an sysadmin and no root access, maybe there was a general 'prob' with the system conf. - look why are so BIG ISSUES about safe_mode for example etc. - too lazy yet to name it all.

But i've wriiten the 'Infection Group' just the minute a mail, because i'm really interested how they've achieved it, or what exploit they used.
But for me it seems to be, again, close to php-Nuke + Clones code exploits.
We will see what comes up to read on the sec. Boards

P.S: see the uids and ids of a currently hacked site:

uname -a; id

Linux ds217-115-141-113 2.4.10-4GB #1 Tue Sep 25 12:33:54 GMT 2001 i686 unknown

uid=0(root) gid=0(root) groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogroup)

..cool =)~


9
GoFuYo
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 5:06

  • GoFuYo

  • Just popping in

  • Posts: 8

  • Since: 2003/12/16


What kind of account do you have ? Virtual hosted or your own server, with root access ?

Hmm, just seen it now, you seem to have root:
Can you reboot your system to a 'rescue system' ?
Or maybe you try this if you still have access-but no guarantee of course, because do not know your system, and you must LOOK where your files are located:

yourbash:~ # rcmysql stop

Starting MySQL service manually with parameter --skip-grant-tables --datadir=/var/lib/mysql :

yourbash:~ # mysqld --user=mysql --skip-networking --skip-grant-tables --datadir=/var/lib/mysql &

With mysqladmin you now set a new root password:

yourbash:~ # su - MySQL -c "mysqladmin --user root password 'YOURNEWPASSWORD'"

After this the password of user "root" is set for the MySQL-database to "YOURNEWPASSWORD".

Then restart your MySQL service:

yourbash:~ # rcmysql stop
yourbash:~ # rcmysql start




10
irmtfan
Re: someone hack my site with fake page!!!!!!!!!!!!!!
  • 2004/1/16 5:34

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


i get a virtual hosted i think.
is there any software to help me for connect to my MySQL database?

Login

Who's Online

373 user(s) are online (307 user(s) are browsing Support Forums)


Members: 0


Guests: 373


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits