1
mgorey
Help to solve server hack please
  • 2005/7/15 6:16

  • mgorey

  • Just popping in

  • Posts: 11

  • Since: 2005/3/29


My site was hacked last night. It's not a security issue with Xoops, so I hope it's not improper for me to make this post and ask for help. The security problem is with my server.

The site loads with a trustbid.ws javascript code in IE. Viewing the page in IE also shows a cookie for vxiframe.biz and triggers anti-virus software into action. It took me a while to notice it because there were no problems using Firefox.

Viewing the index page source in Firefox shows

in the bottom right-hand corner, outside the html.

I've currently disabled the site while my host and I try to find the source. A Google search for the above suggests it may be a trojan that's been installed on the server.

I've looked in the template files, main index, header and footer files, but can't find it.

Does anyone have suggestions on where I should look or what I should do?

2
stefan88
Re: Help to solve server hack please
  • 2005/7/15 7:22

  • stefan88

  • Community Support Member

  • Posts: 1086

  • Since: 2004/9/20


did you checked theme.html?
..

3
mgorey
Re: Help to solve server hack please
  • 2005/7/15 7:29

  • mgorey

  • Just popping in

  • Posts: 11

  • Since: 2005/3/29


Yes, I checked all the theme files.

I just used Fantastico to install XOOPS again in a directory on the same domain and called to the main database.

The intrusive code still appears, which suggests it must be in the database. I haven't got a clue how to find it though.

4
LazyBadger
Re: Help to solve server hack please

Active worm live somewhere on rhis host, which add iframe in all found *.html files.
Sever admin must
- shutdown host
- perform full reinstall from scratch
- made harakiri

I think, worm works under httpd-account rights, you can try to remove all write permissions for theme for saving theme-file integrity
Quis custodiet ipsos custodes?

Webmaster of
XOOPS2.RU
XOOPS Modules Proving Ground
XOOPS Themes Exhibition

5
mgorey
Re: Help to solve server hack please
  • 2005/7/15 10:16

  • mgorey

  • Just popping in

  • Posts: 11

  • Since: 2005/3/29


I isolated the database attack to the tplsource file. I deleted the file and created a new one. It seems to be okay now.

I've changed all passwords and hopefully that's the end of it.

6
Chappy
Re: Help to solve server hack please
  • 2005/8/5 3:58

  • Chappy

  • Friend of XOOPS

  • Posts: 456

  • Since: 2002/12/14


You might also want to check out this thread for more info.
MMM...It tastes like chicken! ...

Login

Who's Online

195 user(s) are online (120 user(s) are browsing Support Forums)


Members: 0


Guests: 195


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits