1
martyboy
Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 17:24

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi,

I am looking for some help, if you visit my site MJTKOP.COM you will see that all the content seems to be pushed over to the left and if you view mjtkop.com/home/index.php with i.e then there seems to be some syntax error on line 74(bottom left of i.e window).

Also when I log in i get a blank page at admin.php, have I been hacked? I have no idea what has happened my site was wroking fine last night?

Anyone got any suggestions on how I should proceed, I really need to get into admin menu so I can close the site down till i've figured out what's went wrong.

Thanks for your help.

*Please read the third post*
Michael Jackson = King Of Pop

Xoops = King Of CMS

2
martyboy
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 17:28

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi,

I also have another XOOPS site hosted on the same shared hosting account as an addon domain, http://www.michaeljosephjackson.net/main/ if you go there theres also a blank page going to http://www.michaeljosephjackson.net/main/user.php reveals the same thing as before everything seems pushed over to the left.

Could this have been some sort of issue with my host or server that could have caused this?

Thanks for your help
Michael Jackson = King Of Pop

Xoops = King Of CMS

3
martyboy
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 17:50

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


On checking my index.php page again I noticed this link added onto one of the links in the partners block Quote:
oxygen 2.21 nokia crack


It now appears that somehow I have been hacked, but how? I thought XOOPS was secure, I am the only admin of the site and no one else has any admin or module admin rights?

I wil contact my host to see if they can shed any light.

In the meantime is there away I might get back into admin.php(blank page) I have a backup of my XOOPS db made using backup module but I dont know how to go about installing the backup throuhg phpmyadmin or anything, if any one can help it would be greatly appreciated.

*****

Ive allerted my webhost, ive also password protected the XOOPS install incase you try and visit the site and wonder whats going on

Cheers.
Michael Jackson = King Of Pop

Xoops = King Of CMS

4
kaotik
Re: Help Needed ASAP, site gone a bit wrong?
  • 2005/9/23 18:05

  • kaotik

  • Just can't stay away

  • Posts: 861

  • Since: 2004/2/19


There is a known vuln in XOOPS below 2.0.13 that involves xml-rpc. There is exploit code floating arount the net that alows any script kiddy to easily compromise your server.
If you were running a version below 2.0.13 then you were probably hit with this.

For everyone reading this:
If your running XOOPS version below 2.0.13UPDATE NOW!!!!

5
martyboy
Re: Help Needed ASAP, site gone a bit wrong?
  • 2005/9/23 18:07

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi, Im running XOOPS 2.0.13.1, I think thats the updated version that patched that vulnrability. There must be something else maybe?

Thanks for your help
Michael Jackson = King Of Pop

Xoops = King Of CMS

6
kaotik
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 18:08

  • kaotik

  • Just can't stay away

  • Posts: 861

  • Since: 2004/2/19


are you running protector? you could check it's log file.

7
martyboy
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 18:17

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi Kaotic,

Yes I have protector installed but I can not access admin area I just get a blank page when I try to goto the admin area, is there any other way to view protector logs?

For your information this is the code that seems to have been inserted into the partners block, I have no idea how they manage to mess my site up that bad though.

<a href="http://simplykrissyoriginals.com/oxygen%2B2.21%2Bnokia%2Bcrack.php" class=giepoaytr target=_blank>oxygen 2.21 nokia cracka>


I'm hoping that my host will go throuhg the logs and find the culprit and ban them from the entire server.

Until then I have no idea how to fix my site, Im waiting toi see if my host has a recent backup they will install, I have db backups but the newest is 3 days old and I dont know how to install it.

Thanks.
Michael Jackson = King Of Pop

Xoops = King Of CMS

8
davidl2
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 18:20

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


It may be a hole somewhere else - and not on Xoops...

9
martyboy
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 18:27

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Quote:
by davidl2
by davidl2 on 2005/9/23 19:20:40

It may be a hole somewhere else - and not on Xoops...


True, but I have another XOOPS install on the server that has been affected the same way, the only other php thing I have on the server is one of these mobile content kits from http://www.mediaplazza.com its all php pages but it requires no sql database, however this does not seem to be affected, you can see it here http://mobileworld.mjtkop.com

Thanks.
Michael Jackson = King Of Pop

Xoops = King Of CMS

10
martyboy
Re: Help Needed ASAP, looks like ive been hacked? but how?
  • 2005/9/23 19:34

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Michael Jackson = King Of Pop

Xoops = King Of CMS

Login

Who's Online

237 user(s) are online (121 user(s) are browsing Support Forums)


Members: 0


Guests: 237


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits