1
chriswe
my website was hacked! Now what?
  • 2007/3/18 0:35

  • chriswe

  • Just popping in

  • Posts: 37

  • Since: 2007/1/12


they hacked my website and left a stupid banner...:

"greek nation
you have always afraid of us!
when you hear our name you have shaken!
do not ever forget that...

hacked by dengesiz team

we are turk

http://www.dengesiz-team.org"

Why did they leave their url? why are they doing this? how do I remove this?

2
rabideau
Re: my website was hacked! Now what?
  • 2007/3/18 1:17

  • rabideau

  • Home away from home

  • Posts: 1042

  • Since: 2003/4/25


If you backed up your site, simply restore your site over their trash.

If you didn't... you may have to rebuild from your last stable or recoverable point. It sucks...

Should you wish to see a simple backup strategy go here:
http://helpxoops.info/modules/content/index.php?id=19
Pax vobiscum,
...mark

may the road rise to meet your feet!

http://treemagic.org

3
chriswe
Re: my website was hacked! Now what?
  • 2007/3/18 1:28

  • chriswe

  • Just popping in

  • Posts: 37

  • Since: 2007/1/12


no...I don't have any backups! The website wasn't even open for public and nowhere registered, so I didn't think about it.

The only thing i see is their banner and the name and slogan of the website changed. Do they normally leave stuff somewhere else?

sorry, but what do you mean with "have to rebuild from your last stable or recoverable point"?

4
attock
Re: my website was hacked! Now what?
  • 2007/3/18 2:15

  • attock

  • Not too shy to talk

  • Posts: 138

  • Since: 2006/8/20


Usually hackers would leave their logo and name behind - to show off.

You said the website was not for public, so I am guessing you wont have a lot of users - which means you havnt lost much. A new fresh installtion will be the way to go.

Or, check yer ftp look for the index.html \ index.php file under yer public_html root. Its possible the hackers only replaced yer index.html\php file.

Most importantly, you need to change yer all passwords, and like rabideau mentioned goto
http://helpxoops.info/modules/content/index.php?id=19
to aviod it from happening again.

And if I can ask, wots yer website url?

5
ewonline
Re: my website was hacked! Now what?
  • 2007/3/18 3:08

  • ewonline

  • Not too shy to talk

  • Posts: 198

  • Since: 2004/11/17


Take a look at your database and see if its intact. You may be able to use the data in there and just get new XOOPS files.

Do what attock said, see if they overwrote your index file. Also, clear your cache (cache, templates_c) folders, see if that helps.
Resized Image

6
svaha
Re: my website was hacked! Now what?
  • 2007/3/18 12:36

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


Quote:

chriswe wrote:
they hacked my website and left a stupid banner...:

"greek nation
you have always afraid of us!
when you hear our name you have shaken!
do not ever forget that...

hacked by dengesiz team

we are turk

http://www.dengesiz-team.org"

Why did they leave their url? why are they doing this? how do I remove this?


First look if they replaced your index.php in the root, or placed an index.html file.
In the first case replace the index.php with your own (xoops) index.php, in the second case delete the index.html
hth

[edit]Oeps, I read attock placed a similar post [/edit]

7
skenow
Re: my website was hacked! Now what?
  • 2007/3/18 13:10

  • skenow

  • Home away from home

  • Posts: 993

  • Since: 2004/11/17


I find these a bit more complete than the HelpXoops page -

https://xoops.org/modules/smartfaq/faq.php?faqid=621
https://xoops.org/modules/smartfaq/faq.php?faqid=214
https://xoops.org/modules/smartfaq/faq.php?faqid=197

Other things to check with your host -
Make sure anonymous FTP is disabled
Make sure the MySQL 'root' user has a password
Do they do regular backups?
The server logs can help identify when this happened and the IP of attacker

Things you may not think of -
You have all the XOOPS files you need - in the local folders you created before uploading to your site.

Things to do after you get back online -
Install Protector
Create a backup process and schedule for both the database and the files/folders

8
BlueStocking
Re: my website was hacked! Now what?

Do you use XOOPS?

A google search of cjfj.net and looking at their cache of your site and the view source does not indicate you where using this XOOPS system. (the source view does show full path names for editing your site)

Also a look at whois.ws does show you are listed and under domain information it gives more information regarding your site performance.

http://whois.ws/whois-net/ip-address/cjfj.net/
http://whois.ws/domain_information-net/cjfj.net/

Your site is pretty public to be considered private.
Maybe you are using oops instead of XOOPS.

I am sorry to hear about you or anyone getting hacked, that is not good.

BS
hhttps://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

9
chriswe
Re: my website was hacked! Now what?
  • 2007/3/18 19:40

  • chriswe

  • Just popping in

  • Posts: 37

  • Since: 2007/1/12


Quote:

BlueStocking wrote:
Do you use XOOPS?


yes on 4 different websites...but not on cjfj.net!

10
chriswe
Re: my website was hacked! Now what?
  • 2007/3/18 19:42

  • chriswe

  • Just popping in

  • Posts: 37

  • Since: 2007/1/12


Quote:

skenow wrote:
Make sure anonymous FTP is disabled
Make sure the MySQL 'root' user has a password
Do they do regular backups?
The server logs can help identify when this happened and the IP of attacker



-anonymous FTP is disabled
-MySQL 'root' user has a password
-I don't think they do backups...
-What can I do if I find out the attackers IP?

Login

Who's Online

289 user(s) are online (225 user(s) are browsing Support Forums)


Members: 0


Guests: 289


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits