Site hacked! [XOOPS general usage questions] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

Site hacked!

2005/8/10 18:34
martyras
Just popping in
Posts: 37
Since: 2004/11/1

Hello guys.

Our site has been hacked and we wanted to know what exploit did they used to manage this.

Check here: [*link removed by request from the webmaster - herko*]

Massaged displayed instead of the last 10 news.

Xoops version we use 2.0.7.3.

Thank you for your time.

2

Re: Site hacked!

2005/8/10 18:47
hyperpod
Quite a regular
Posts: 359
Since: 2004/10/4

Well, without any details, it looks like they hacked your server.. not xoops, but this is just a guess...

Also, why dont you ask them? they left their email address for you.

Best Regards,

Daniel Hall / XOOPS Module Development & Theme Design
Free XOOPS Support > My Wish List

3

Re: Site hacked!

2005/8/10 18:57
martyras
Just popping in
Posts: 37
Since: 2004/11/1

What details do you need to identify if it's from server or xoops?

4

Re: Site hacked!

2005/8/10 19:09
hyperpod
Quite a regular
Posts: 359
Since: 2004/10/4

Well, number one, until you can identify the exact eploit such as using your access_logs, then you cannot assume that XOOPS is the problem.

You need to look at the access logs around the time your site was hacked.

Also, if you do assume, then assume your server was hacked, not XOOPS.

Once they hack your server, then they can edit stuff like your XOOPS site, but this doesnt mean they got in through XOOPS.

Also, if you are worried about security, then you really need to keep up with the latest version of XOOPS.

At this point, if they did get in through XOOPS, then it would be your fault, for not running the latest stable version (XOOPS 2.0.13a)

Who runs your server? Whats OS is it? Is it shared hosting?

Good Luck,

_Dan

Daniel Hall / XOOPS Module Development & Theme Design
Free XOOPS Support > My Wish List

5

Re: Site hacked!

2005/8/10 19:17
martyras
Just popping in
Posts: 37
Since: 2004/11/1

From a company, shared hosting with linux.

Yes, I understand that but we haven't time to do an upgrade due to everyday news postings. So it is our fault.

Logs found. We will look them closely.

Thank you for helping on this.

6

Re: Site hacked!

2005/8/10 19:46
hyperpod
Quite a regular
Posts: 359
Since: 2004/10/4

BTW- it looks like a nice site! :)

I just cannot get into it since I only speak english

But the design is very cool :)

Cheers,

Daniel Hall / XOOPS Module Development & Theme Design
Free XOOPS Support > My Wish List

7

Re: Site hacked!

2005/8/10 19:53
Chappy
Friend of XOOPS
Posts: 456
Since: 2002/12/14

It would also help to add a little description about what you mean by hacked - what happens?

You may also want to check out this thread for more information about some recent exploits - https://xoops.org/modules/newbb/viewtopic.php?topic_id=37659&forum=20&post_id=174079#forumpost174079

MMM...It tastes like chicken!

...

8

Re: Site hacked!

2005/8/11 16:16
martyras
Just popping in
Posts: 37
Since: 2004/11/1

The problem was found with the help of the hosting company. It appeas that was an exploit at templates_c folder. When we deleted the files from within, the message went away. Is there a known patch for that? I haven't followed the forums for a while so I didn't know about any particular exploit.

@hyperpod
Thank you.

9

Re: Site hacked!

2005/8/11 19:53
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

martyras wrote:
The problem was found with the help of the hosting company. It appeas that was an exploit at templates_c folder. When we deleted the files from within, the message went away. Is there a known patch for that? I haven't followed the forums for a while so I didn't know about any particular exploit.

templates_c ?
Perhaps, it's just a back-door put by the attacker.

Crackers can access your site as administrators quite easily, if you runs XOOPS < 2.0.9.2 without Protector.

To prevent another back-doors, you'd better install XOOPS cleanly after backing up.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Privacy

Yesterday 19:42 margoritka
Privacy

Yesterday 19:38 kalibri
XOOPS MyMenus 1.54.0 Beta 10

11/18 11:08 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/18 11:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/16 12:32 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 18:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:33 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:29 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 4:39 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:50 liomj

Who's Online

428 user(s) are online (349 user(s) are browsing Support Forums)

Members: 1

Guests: 427

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}