11
Bender
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:24

  • Bender

  • Home away from home

  • Posts: 1899

  • Since: 2003/3/10


Stop saying you need solutions when you don´t want to provide answers.

You are upset thats fine but you have been asked for some more information several times and you just don´t answer stuff thats required to help you out.


So back to square one:

1. Suspicion is they might have used myads to get in

Why do you still have that module active on the espanol site version? Just waiting for things to happen? Especially since there is no content in that module.

2. Do you have an idea when it happened? Can you please have a look into the server logs? (if you dont know how ... ask your provider for them)

3. Do you have a backup of the database and your files from the website?

3. If you don´t have a backup - does your provider do backups? Can they restore files and database

4. If you get a backup somehow then go back to that and disable the myads module until a solution is found for that.
(unless by looking at the server logs there might be another source of the issue) It could still be an attack from another website on the same server being hacked or whatever.

5. Did you contact your provider at all to see if more people on the same server have problems?
(Assuming you are on shared hosting)

6. Install the protector module if you havent done already
Sorry, this signature is experiencing technical difficulties. We will return you to the sheduled signature as soon as possible ...

12
zyspec
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:36

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


It appears most of the database is 'complete'. I can get to all of the "normal" screens (user.php, edituser.php, newbb forum, etc). It appears they may have either replaced your index.php file (or perhaps deleted it) or replaced the contents of mainfile.php.

I'd check the file date/times of index.php, index.html, and mainfile.php as likely suspects with a ftp client. I'd just copy over the index.html and index.php file with those from the XOOPS distribution just to make sure.

You'll need to look at the contents of mainfile.php to make sure it looks 'reasonable' - you can't just copy over it unless you have a previous backup.

In addition to bender's recommendation I would do the following:

1) empty your /cache and /templates directories.
2) put an index.html file in the /cache and /templates_c directories. Use the ones from the 2.0.14 zip file.
3) make sure that mainfile.php is read only (CHMOD 444).
4) delete the /install and /upgrade directories if they exist

13
ipwgc
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:41

  • ipwgc

  • Quite a regular

  • Posts: 216

  • Since: 2005/8/13


Bender wrote:
Quote:
Stop saying you need solutions when you don´t want to provide answers.


OK, BENDER, SORRY FOR THAT, BUT YOU GIVE ME POSSIBLE SOLUTION, THANK YOU.
Blessings
David

14
zyspec
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:44

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


David,
An additional thing you may want to check is to verify that you're using the latest version of all your modules. For example piCal had a XSS bug in versions < 0.86. You can get the latest version here.

15
ipwgc
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:51

  • ipwgc

  • Quite a regular

  • Posts: 216

  • Since: 2005/8/13


Quote:

zyspec wrote:
1) empty your /cache and /templates directories.
2) put an index.html file in the /cache and /templates_c directories. Use the ones from the 2.0.14 zip file.
3) make sure that mainfile.php is read only (CHMOD 444).
4) delete the /install and /upgrade directories if they exist


ok, zyspec.
1. cache and templates directories it ready. Empty whith 2. the index.html file on it.
3. The mainfile.php is read only (CHMOD 444). it OK
4. I DON'T HAVE THE UPGREDE ON THE ROOT, IT OK.

DAVID

16
zyspec
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 14:58

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


One other thing you can do is report this to ImageShack
since this clearly violates their policies. Maybe they can help you track down the IP address. You can report the abuse here.

You'll need to give them the URL of the image (http://img48.imageshack.us/img48/2264/mads23af.jpg)

17
davidl2
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 15:10

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


And make sure you disable MyAds as soon as possible.

18
ipwgc
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 15:50

  • ipwgc

  • Quite a regular

  • Posts: 216

  • Since: 2005/8/13


Quote:

davidl2 wrote:
And make sure you disable MyAds as soon as possible.


OK, The module MyAds is deleted on my 2 site, english and spanish.

1. Which is the reason that you are attributing this hacked to the modulate MyAds?
2. It won't be the new version that has a window open?

I am making what I can to eliminate this intruder of my portal.
Thank you for the whole help that all are giving me.
David

19
davidl2
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 15:56

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Quote:

ipwgc wrote:
1. Which is the reason that you are attributing this hacked to the modulate MyAds?


https://xoops.org/modules/newbb/viewtopic.php?topic_id=51000&forum=28&post_id=224959#forumpost224959

20
Peekay
Re: URGENT - PLEASE MY SITE IS HACKED TODAY Friday june 30
  • 2006/6/30 16:46

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Would it be useful to have a FAQ here on Xoops.org listing those modules (i.e. specific versions) that are known to be vulnerable?
A thread is for life. Not just for Christmas.

Login

Who's Online

343 user(s) are online (269 user(s) are browsing Support Forums)


Members: 0


Guests: 343


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits