1
shank
Help! Hacked :-(
  • 2007/4/3 13:27

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


http://le-mank.com

Any Ideas on how to go about fixing this?
Any preventing it from happening again?

Anyone that can read the text I'll be glad to know what it says also.

Thanks,
Steve
s l s h a n k l e @ b e l l s o u t h . n e t

2
rabideau
Re: Help! Hacked :-(
  • 2007/4/3 13:41

  • rabideau

  • Home away from home

  • Posts: 1042

  • Since: 2003/4/25


What exactly is the problem??? Looks okay to me.


---edit---
Oppss.... Look at the bottom eh???

Looks like you have made some Turkish friends.

If you want to read some discussions on protecting your site you might go to:http://helpxoops.info
Pax vobiscum,
...mark

may the road rise to meet your feet!

http://treemagic.org

3
shank
Re: Help! Hacked :-(
  • 2007/4/3 13:49

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


You didn't get music and a big sign that says "This site has been Hacked"?

There should have been no music. you may have gone to it after I started messing with it and removed the top parts of the hacked sign.

Apparrently what has happened is that somehow the value of
<{$xoops_meta_keywords}>
and
<{$xoops_footer}>
has been changed to
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- 
saved from url=(0029)http://www.sanalcehennem.org/ -->
<!-- saved from url=(0027)http://www.yachtkarina.com/ --><HTML><HEAD><TITLE>NE MUTLU TÜRKÜM D&#304;YENE</title>
<META http-equiv=Content-Language content=tr>
<
div id="Laywer1" style="position:top; background-color:black; width:100%; height:100%; z-index:1 border: 1px none #000000; left: 0; top: 0;">

<
P align=center><FONT color=red size=6><B>This  site  WAS HACKED!!</B></FONT></P>

<
P align=center><FONT color=red size=6><B>K&#304;M BU CENNET VATANI UGRUNA OLMAZ K&#304; FEDA!!</B></FONT></P><META http-equiv=Content-Language content=tr>
<META content="MSHTML 6.00.2900.2873" name=GENERATOR>
<
META content=FrontPage.Editor.Document name=ProgId>
<
META http-equiv=Content-Type content="text/html; charset=windows-1254"><BGSOUND 
src
="" loop=infinite>
<
STYLE>.page {
    
BACKGROUND#ffffff; COLOR: #000000

}
.
tborder {
    
BORDER-RIGHT#0b198c 1px solid; BORDER-TOP: #0b198c 1px solid; BACKGROUND: #d1d1e1; BORDER-LEFT: #0b198c 1px solid; COLOR: #000000; BORDER-BOTTOM: #0b198c 1px solid
}
TD {
    
FONT10pt verdanagenevalucida'lucida grande'arialhelveticasans-serif
}
.
alt1 {
    
BACKGROUND#f5f5ff; COLOR: #000000
}
</
STYLE>
</
HEAD>
<
BODY text=#ffffff vLink=#00ff00 aLink=#00ff00 link=#800000 bgColor=#000000>
<SCRIPT language=JavaScript
if (
document.all){ 
Cols=10
Cl=15//Pe&thorn;pe&thorn;e geli&thorn; mesafeleri! 
Cs=120//Sayfaya enine yay&yacute;l&yacute;&thorn; mesafeleri! 
Ts=9//Rakamlar&yacute;n büyüklükleri! 
Tc='#008800';//Renk 
Tc1='#00ff00';//Renk1 
MnS=14//Ak&yacute;&thorn; h&yacute;zlar&yacute;! 
MxS=8//Ak&yacute;&thorn; h&yacute;zlar&yacute;! 
I=Cs
Sp=new Array();S=new Array();Y=new Array(); 
C=new Array();M=new Array();B=new Array(); 
RC=new Array();E=new Array();Tcc=new Array(0,1,7,9,3,2); 
document.write("<div id='Container' style='position:absolute;top:0;left:-"+Cs+"'>"); 
document.write("<div style='position:relative'>"); 
for(
i=0Colsi++){ 
src=http://5twenty8.com/images/logos/turkhackbirligi.org.mp3
document.write("</div></div>"); 
for(
j=0Colsj++){ 
RC[j]=1+Math.round(Math.random()*Cl); 
Y[j]=0
Sp[j]=Math.round(MnS+Math.random()*MxS); 
for(
i=0RC[j]; i++){ 
B[i]=''
C[i]=Math.round(Math.random()*1)+' '
M[j]=B[0]+=C[i]; 


function 
Cycle(){ 
Container.style.top=window.document.body.scrollTop
for (
i=0Colsi++){ 
var 
Math.floor(Math.random()*Tcc.length); 
E[i] = '<font color='+Tc1+'>'+Tcc[r]+'</font>'
Y[i]+=Sp[i]; 
if (
Y[i] > window.document.body.clientHeight){ 
for(
i2=0i2 Colsi2++){ 
RC[i2]=1+Math.round(Math.random()*Cl); 
for(
i3=0i3 RC[i2]; i3++){ 
B[i3]=''
C[i3]=Math.round(Math.random()*1)+' '
C[Math.floor(Math.random()*i2)]=' '+' '
M[i]=B[0]+=C[i3]; 
Y[i]=-Ts*M[i].length/1.5
A[i].style.visibility='visible'

Sp[i]=Math.round(MnS+Math.random()*MxS); 


A[i].style.top=Y[i]; 
A[i].innerHTML=M[i]+' '+E[i]+' '

setTimeout('Cycle()',20

Cycle(); 

</
SCRIPT>

<
SCRIPT language=JavaScript>
<!-- 
Begin
if (document.all) {
//Things you can alter
yourLogo " /Oguzhan
"
;  //Not less than 2 letters!
logoFont "Verdana";
logoColor "FFFFFF";
//Nothing needs altering below!
yourLogo yourLogo.split('');
yourLogo.length
TrigSplit 360 L;
Sz = new Array()
logoWidth 100;
logoHeight = -30;
ypos 0;
xpos 0;
step 0.03;
currStep 0;
document.write('<div id="outer" style="position:absolute;top:0px;left:0px"><div style="position:relative">');
for (
0Li++) {
document.write('<div id="ie" style="position:absolute;top:0px;left:0px;'
+'width:10px;height:10px;font-family:'+logoFont+';font-size:12px;'
+'color:'+logoColor+';text-align:center">'+yourLogo[i]+'</div>');
}
document.write('</div></div>');
function 
Mouse() {
ypos event.y;
xpos event.5;
}
document.onmousemove=Mouse;
function 
animateLogo() {
outer.style.pixelTop document.body.scrollTop
for (
0Li++) {
ie[i].style.top ypos logoHeight Math.sin(currStep TrigSplit Math.PI 180);
ie[i].style.left xpos logoWidth Math.cos(currStep TrigSplit Math.PI 180);
Sz[i] = ie[i].style.pixelTop ypos;
if (
Sz[i] < 5Sz[i] = 5;
ie[i].style.fontSize Sz[i] / 1.7;
}
currStep -= step;
setTimeout('animateLogo()'20);
}
window.onload animateLogo;
}
//  End -->
</SCRIPT>
<
SCRIPT language=Javascript>
<!--
var 
0
var speed 90
var text "SANALDAK&#304; LANET&#304;N&#304;Z SoNS@MuR@Y."
var course =76
var text2 text
function Scroll() {
window.status text2.substring(0text2.length)
if (
course text2.length) {
setTimeout("Scroll2()"speed)
}
else {
text2 " " text2
setTimeout
("Scroll()"speed);
}
}
function 
Scroll2() {
window.status text2.substring(xtext2.length)
if (
text2.length == text.length) { 
text2 text
0
setTimeout
("Scroll()"speed);
}
else {
x++
setTimeout("Scroll2()"speed);
}
}
Scroll()
//-->
</SCRIPT>
</
FONT<P align=center>&nbsp;</P>
<
P align=center><FONT color=#FF0000" size=6></FONT></P>
<P align=center>&nbsp;</P>
<
HTML><center><img border="0" src="http://img117.imageshack.us/img117/9017/bayrak34dtfc1.jpg" width="550" height="400"></center>
<
P align=center>&nbsp;&nbsp
<
CENTER><FONT style="FONT-SIZE: 9pt" face="Trebuchet MS" color=#cccccc><EMBED 
<embed src=http://www.ulusaldarbe.com/dosyalar/hacked.mp3 type="audio/mpeg" loop="true" height="0" 
<NOEMBED>.</NOEMBED></TD></FONT></CENTER>
<
P align=center><FONT color=white size=6><B>HACKED By SoNS@MuR@by_blade</B></FONT></P>
<
P align=center><FONT color=green size=6><B>Turkish HACKER//FOR &#304;SLAM</B></FONT></P>

<P align=center>&nbsp;</P><P align=center><FONT color=#FF0000" size=5>"NE MUTLU TÜRKÜM D&#304;YENE..!"</FONT></P>
<CENTER
<
MARQUEE class=scroller onmouseover=this.stop() onmouseout=this.start() 
scrollAmount=1 scrollDelay=100 direction=up width=200 height=120><FONT color=lime> <CENTER>Korkmasönmez bu &#351;afaklarda yüzen al sancak;<BR>Sönmeden yurdumun üstünde tüten en son ocak.<BR>O benim milletimin y&#305;ld&#305;z&#305;d&#305;r, parlayacak; <BR>O benimdir, o benim milletimindir ancak.<BR>Çatma, kurban olay&#305;m, çehreni ey nazl&#305; hilal!<BR>Kahraman &#305;rk&#305;ma bir gül! Ne bu &#351;iddet, bu celal? <BR>Sana olmaz dökülen kanlar&#305;m&#305;z sonra helal...<BR>Hakk&#305;d&#305;r, hakk'a tapan, milletimin istiklal!<BR><BR><FONT ></center><SCRIPT language=Javascript1.2> </SCRIPT><BGSOUND src="http://www.xs4all.nl/~orcl0521/musicfiles/Gerilim.mp" loop=-1></HEAD><BODY text=#00ff00 vLink=#FF0000 aLink=#00FFFF link=#FFFF00 bgColor=#000000 background="http://www.adanali.org/back.gif" onload=writetext();><SCRIPT language=JavaScript1.2> </SCRIPT></font></center>

</td>
</
tr>
<
tr
<
td valign="bottom" width="799" height="2"> </td>
</
tr>
</
table>
<
center>
<
p>
&
nbsp;</p>


I put it back up where you should be able to see what it is doing now.
s l s h a n k l e @ b e l l s o u t h . n e t

4
rabideau
Re: Help! Hacked :-(
  • 2007/4/3 13:50

  • rabideau

  • Home away from home

  • Posts: 1042

  • Since: 2003/4/25


They seem to be from here:

http://www.sanalcehennem.org/
http://www.yachtkarina.com/

The code the added is: viewable from your View Source on the index.php page.

You can clean the code and ban their IPs at a minimum....
Pax vobiscum,
...mark

may the road rise to meet your feet!

http://treemagic.org

5
davidl2
Re: Help! Hacked :-(
  • 2007/4/3 14:43

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I've edited the title - as the religious belief's of the hackers are not relevant.

1 - Repair what you can.... and make a seperate backup of everything

2 - Check you've the latest versions of all the modules. For example, what version of wf-download are you running? And UPDATE asap. Most importantly - make sure you're not running XOOPS before version 2.0.16 .... even if an odd module doesnt work... it's still going to be more secure then older releases.

3 - Personally, in this case, I'd either restore an old backup - or make a fresh install... re-copying the database and data backup from part one.

4 - Make sure the latest release of Protector is installed. You may also want to check permissions of all the relevent files.. I think some advise on this can be found at www.xoopsinfo.com

I've been hacked myself - and recovered....
you will also!

Also you may find some additional information at: www.xoopsinfo.com - which is a XOOPS Specific site Also remember we can help you here as well

6
JMorris
Re: Help! Hacked :-(
  • 2007/4/3 15:22

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


The following FAQ entry covers some of the basics of what you can do to recover your site from a hacking.

My site has been hacked! What do I do?

HTH.

James
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.

7
shank
Re: Help! Hacked :-(
  • 2007/4/3 15:26

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


No time right now to go over the links provided, will do so later.

I did fix the hacking back to the way it was.

apparrently they got into the database some how and changed some things.

Repaired it by going to admin, preferances, meta and footer, then just cleared the keywords and footer boxes.
s l s h a n k l e @ b e l l s o u t h . n e t

8
davidl2
Re: Help! Hacked :-(
  • 2007/4/3 15:49

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I would also, as well as my own suggestions above, recommend checking out this article at www.xoopsinfo.com :

here

9
MadFish
Re: Help! Hacked :-(
  • 2007/4/3 16:23

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


If you think they got into your database then I suggest you change all of your passwords to much stronger ones (in addition to the above), and restoring a pre-hack backup sounds like a very good idea.

10
davidl2
Re: Help! Hacked :-(
  • 2007/4/3 16:29

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Good suggestion

Login

Who's Online

182 user(s) are online (85 user(s) are browsing Support Forums)


Members: 0


Guests: 182


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits