Re: Site is hacked [Q and A] - XOOPS Web Application System

11

Re: Site is hacked

2006/9/26 14:16
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

It's a good idea to backup reguarly.

JDSeymour wrote a very good script for MySQL that does an auto backup... built on a "cron" job... in otherwords it will automatically backup your data.

Check his site (http://www.warpig2.com I think) - as I think it should be there...

12

Re: Site is hacked

2006/9/26 14:16
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

It seems someone has an account with webmaster permission and delete all records from database (download files , images)

amnesiak :
this is not a XOOPS fault that someone can delete your site informations when he has a webmaster account.

also this is not related to XOOPS version.

could you check FTP to see if anyfile is changed?

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

13

Re: Site is hacked

2006/9/26 14:18
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

Hmmm - if thats the case, you really need to check who has admin rights to your site

14

Re: Site is hacked

2006/9/26 14:30
Peekay
XOOPS is my life!
Posts: 2335
Since: 2004/11/20

I can highly recommend phpMySQLAutoBackup

Dumps your site to a SQL file and emails it to you! Not sure how well it will handle a large XOOPS site, but I use it for other MySQL sites and it works a treat.

http://www.dwalker.co.uk/

A thread is for life. Not just for Christmas.

15

Re: Site is hacked

2006/9/26 15:25
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

there are only two admins on the site.
The other one is a best friend and even he was surprised as to what happened.

If I have to guess, the person who did it, must have used an exploit to give a regular user account special access.

Doing a simple google of his 'team' name which I provided, you'll see this person has 'hacked' quite a few sites.

@ irmtfan, I think you are misunderstanding the situation.
Lets say I have the picture module on your site, you don't need FTP access to delete a picture that is uploaded.

Its like a forum, if you are an admin, you don't need ftp access to delete a topic. You can delete files you upload by going to the correct module and then deleting the file you select.

We are talking about file uploads and pictures not any other file.

So my initial worry was that somebody would be able to gain access again by managing to gain admin rights again.

16

Re: Site is hacked

2006/9/26 16:29
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

....Double post....

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

17

Re: Site is hacked

2006/9/26 16:31
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

No im right.i know what happen and i know what you mean by wrote "Files and Pictures".
i just said its a local hack its more like someone found your password our your friend password and do it with a local hack.

do you have a personal firewall?
do you check your PC to found any virus?

do you download any untrusted file? or give a file via chat?

Quote:

You can delete files you upload by going to the correct module and then deleting the file you select.

more download center modules that i know dont delete "Files" they just delete records from database and files will be remain in the Physical Path.

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

18

Re: Site is hacked

2006/9/26 16:58
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

I've not given my password to anybody, I use a firewall and my pc scans itself every night.
It was my admin account that was renamed and the password changed though.
My password isn't easy to guess though.
I've emailed my host and I guess I just have to wait for their reply now.

19

Re: Site is hacked

2006/9/26 17:56
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

Ask server support is very needed in this issue because they can found any attempt to hack from logs.
wait for them and if you are worry about other attacks install "Protector"

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

20

Re: Site is hacked

2006/10/4 7:23
amnesiak
Just popping in
Posts: 12
Since: 2006/5/23

well the 'hacker' emailed me.
Telling me to call him.
Alright I guess I'll call him :S

Stats
Goal:	$100.00
Due Date:	Aug 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Re: Site is hacked

Login

Search

Recent Posts

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

XOOPS 2.5.12 Beta-2 available for Testing

PHP 8.4.0 Alpha 1 released

Overview of the Composer packages in Admin

Re: xoops_getBaseDomain

xoops_getBaseDomain

Re: Test 3

Test 3

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}