Site is hacked [Q and A] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

Site is hacked

2006/9/26 4:57
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

Alright, so the whole site was hacked.
Everything was deleted and a few 'idiotic' comments left.

Sadly I've not backed up anything, no my main question is.
Why should I re-use xoops?
Is there anything being done to stop XOOPS from being hacked?

2

Re: Site is hacked

2006/9/26 5:09
jdseymour
Friend of XOOPS
Posts: 3782
Since: 2004/11/11

As far as deletions, usually it is not XOOPS that causes the hack, unless you are using an older version that has not been fixed. But usually through server vulnerabilities or setup. (most shared hosting cannot use the most secure methods for running a server as it can break some applications.) Need more information as to how it was done. Check your server logs (or have your host check).

Proactive Support for Sites and Servers

WebServerMasters.com | XOOPS Tutorials

3

Re: Site is hacked

2006/9/26 6:02
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

search in FAQ :
https://xoops.org/modules/smartfaq/faq.php?faqid=621

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

4

Re: Site is hacked

2006/9/26 6:15
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

as far as I am able to see.
The person was able to log in and replace one of the admin users accounts.

So he basically managed to become an admin and then delete everything that way.

I was using
XOOPS 2.0.13.2

edit: thanks for that FAQ but it basically tells me what to do after a hack.

I'm going to reinstall and work on everything fresh so I want to know what I can do to prevent such a situation in the future.

I only used 2 modules.

The Forum module and the WF-Downloads.

5

Re: Site is hacked

2006/9/26 6:48
Herko
XOOPS is my life!
Posts: 4238
Since: 2002/2/4 1

Delete files using the admin account? Hmm.. How? How in XOOPS can you remove files from the server?? Without any module specifically designed for this, this is impossible.

My bet is that its a server that is hacked. Notify your hosting provider.

Herko

6

Re: Site is hacked

2006/9/26 12:48
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

What I am saying is that he managed to hack into the website, set himself as the admin, then go into the control panel and delete what he wants. (Download files and Pictures) So for example, I go into the admin panel, go to the WF-Uploads module, click 'delete'.

I've already emailed my host (who take their time replying to anything).

The hacker apparantly has a 'team' called

Marlokki Team.

I've reported him to the authorities. Lets see if they do anything.

Here's some info I managed to gather on him if anybody is interested.

marokki.team@gmail.com

http://saaid.net

+21264443210

anoir130@gmail.com

Anyway, I'm just saying that I didn't install anything strange onto the site and I'm worried that if I reinstall XOOPS and everything all over again, he'll just come along and hack it again.

7

Re: Site is hacked

2006/9/26 13:00
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

What XOOPS version where you running? Which modules?

8

Re: Site is hacked

2006/9/26 13:29
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

I was using
XOOPS 2.0.13.2

The modules used were
wf-download
Forum+File
MyAlbum

I can give you access to the site in it's current state if that well help determine anything?

9

Re: Site is hacked

2006/9/26 13:54
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

well there has been some security updates with the last couple of releases... so when you get your site working - it would be worth looking into moving to 2.0.15 (with the form.php update of course)

I'd perhaps also suggest refreshing any admin passwords as well.

Not forgetting the protector module of course!

10

Re: Site is hacked

2006/9/26 14:12
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

Well I'll be doing a fresh install with 2.0.15
and I'll be getting the protector module.

Hopefully that's all I need and these punks wont come back.

I guess I'll have to back up once a week now.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: XOOPS 2.5.12 Beta-2 available for Testing

Today 17:53 Mamba
Re: XOOPS 2.5.12 Beta-2 available for Testing

Today 9:58 jjdai
Re: XOOPS 2.5.12 Beta-2 available for Testing

Today 8:16 jjdai
XOOPS 2.5.12 Beta-2 available for Testing

8/13 7:13 Mamba
PHP 8.4.0 Alpha 1 released

7/10 6:19 Mamba
Overview of the Composer packages in Admin

7/10 6:15 Mamba
Re: xoops_getBaseDomain

6/29 6:13 Mamba
xoops_getBaseDomain

6/27 22:55 mbu10
Re: Test 3

6/10 1:12 bushir
Test 3

6/10 1:08 bushir

Who's Online

288 user(s) are online (141 user(s) are browsing Support Forums)

Members: 0

Guests: 288

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Aug 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}