XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / Help! Hacked :-(
Register
1
shank
Help! Hacked :-(

  • 2007/4/3 13:27

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


hhttp://le-mank.com

Any Ideas on how to go about fixing this?
Any preventing it from happening again?

Anyone that can read the text I'll be glad to know what it says also.

Thanks,
Steve
s l s h a n k l e @ b e l l s o u t h . n e t
2
rabideau
Re: Help! Hacked :-(

  • 2007/4/3 13:41

  • rabideau

  • Home away from home

  • Posts: 1042

  • Since: 2003/4/25


What exactly is the problem??? Looks okay to me.


---edit---
Oppss.... Look at the bottom eh???

Looks like you have made some Turkish friends.

If you want to read some discussions on protecting your site you might go to: http://helpxoops.info
Pax vobiscum,
...mark

may the road rise to meet your feet!

http://treemagic.org
3
shank
Re: Help! Hacked :-(

  • 2007/4/3 13:49

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


You didn't get music and a big sign that says "This site has been Hacked"?

There should have been no music. you may have gone to it after I started messing with it and removed the top parts of the hacked sign.

Apparrently what has happened is that somehow the value of
<{$xoops_meta_keywords}>
and
<{$xoops_footer}>
has been changed to
DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

NE MUTLU TÜRKÜM DİYENE
<META http-equiv=Content-Language content=tr>
<div id="Laywer1" style="position:top; background-color:black; width:100%; height:100%; z-index:1 border: 1px none #000000; left: 0; top: 0;">

<P align=center><FONT color=red size=6><B>This  site  WAS HACKED!!B>FONT>P>

<P align=center><FONT color=red size=6><B>K&#304;M BU CENNET VATANI UGRUNA OLMAZ Kİ FEDA!!


<META content="MSHTML 6.00.2900.2873" name=GENERATOR>
<META content=FrontPage.Editor.Document name=ProgId>
<META http-equiv=Content-Type content="text/html; charset=windows-1254"><BGSOUND 
src="" loop=infinite>
<STYLE>.page {
    BACKGROUND#ffffff; COLOR: #000000

}
.tborder {
    BORDER-RIGHT#0b198c 1px solid; BORDER-TOP: #0b198c 1px solid; BACKGROUND: #d1d1e1; BORDER-LEFT: #0b198c 1px solid; COLOR: #000000; BORDER-BOTTOM: #0b198c 1px solid
}
TD {
    FONT10pt verdanagenevalucida'lucida grande'arialhelveticasans-serif
}
.alt1 {
    BACKGROUND#f5f5ff; COLOR: #000000
}
STYLE>
HEAD>
<BODY text=#ffffff vLink=#00ff00 aLink=#00ff00 link=#800000 bgColor=#000000>
<SCRIPT language=JavaScript
if (document.all){ 
Cols=10
Cl=15//Peþpeþe geliþ mesafeleri! 
Cs=120//Sayfaya enine yayýlýþ mesafeleri! 
Ts=9//Rakamlarýn büyüklükleri! 
Tc='#008800';//Renk 
Tc1='#00ff00';//Renk1 
MnS=14//Akýþ hýzlarý! 
MxS=8//Akýþ hýzlarý! 
I=Cs
Sp=new Array();S=new Array();Y=new Array(); 
C=new Array();M=new Array();B=new Array(); 
RC=new Array();E=new Array();Tcc=new Array(0,1,7,9,3,2); 
document.write("+Cs+"'>"); 
document.write(""); 
for(i=0Colsi++){ 
src=http://5twenty8.com/images/logos/turkhackbirligi.org.mp3
document.write("
"); 
for(j=0Colsj++){ 
RC[j]=1+Math.round(Math.random()*Cl); 
Y[j]=0
Sp[j]=Math.round(MnS+Math.random()*MxS); 
for(i=0RC[j]; i++){ 
B[i]=''
C[i]=Math.round(Math.random()*1)+' '
M[j]=B[0]+=C[i]; 


function Cycle(){ 
Container.style.top=window.document.body.scrollTop
for (i=0Colsi++){ 
var Math.floor(Math.random()*Tcc.length); 
E[i] = '+Tc1+'>'+Tcc[r]+''
Y[i]+=Sp[i]; 
if (Y[i] > window.document.body.clientHeight){ 
for(i2=0i2 Colsi2++){ 
RC[i2]=1+Math.round(Math.random()*Cl); 
for(i3=0i3 RC[i2]; i3++){ 
B[i3]=''
C[i3]=Math.round(Math.random()*1)+' '
C[Math.floor(Math.random()*i2)]=' '+' '
M[i]=B[0]+=C[i3]; 
Y[i]=-Ts*M[i].length/1.5
A[i].style.visibility='visible'

Sp[i]=Math.round(MnS+Math.random()*MxS); 


A[i].style.top=Y[i]; 
A[i].innerHTML=M[i]+' '+E[i]+' '

setTimeout('Cycle()',20

Cycle(); 

SCRIPT>

<SCRIPT language=JavaScript>

SCRIPT>
<SCRIPT language=Javascript>

SCRIPT>
FONT<P align=center>&nbsp;P>
<P align=center><FONT color=#FF0000" size=6>


<P align=center>&nbsp;P>
<HTML><center><img border="0" src="http://img117.imageshack.us/img117/9017/bayrak34dtfc1.jpg" width="550" height="400">center>
<P align=center>&nbsp;&nbsp
<CENTER><FONT style="FONT-SIZE: 9pt" face="Trebuchet MS" color=#cccccc><embed src=http://www.ulusaldarbe.com/dosyalar/hacked.mp3 type="audio/mpeg" loop="true" height="0" 
<NOEMBED>.NOEMBED>TD>FONT>CENTER>
<P align=center><FONT color=white size=6><B>HACKED By SoNS@MuR@by_bladeB>FONT>P>
<P align=center><FONT color=green size=6><B>Turkish HACKER//FOR İSLAM



<P align=center>&nbsp;P><P align=center><FONT color=#FF0000" size=5>"NE MUTLU TÜRKÜM DİYENE..!"


<CENTER
<MARQUEE class=scroller onmouseover=this.stop() onmouseout=this.start() 
scrollAmount=1 scrollDelay=100 direction=up width=200 height=120><FONT color=lime> <CENTER>Korkmasönmez bu &#351;afaklarda yüzen al sancak;
Sönmeden yurdumun üstünde tüten en son ocak.
O benim milletimin yıldızıdır, parlayacak; 
O benimdir, o benim milletimindir ancak.
Çatma, kurban olayım, çehreni ey nazlı hilal!
Kahraman ırkıma bir gül! Ne bu şiddet, bu celal? 
Sana olmaz dökülen kanlarımız sonra helal...
Hakkıdır, hakk'a tapan, milletimin istiklal!

  

td>
tr>
<tr
<td valign="bottom" width="799" height="2"td>
tr>
table>
<center>
<p>
&nbsp;p>


I put it back up where you should be able to see what it is doing now.
s l s h a n k l e @ b e l l s o u t h . n e t
4
rabideau
Re: Help! Hacked :-(

  • 2007/4/3 13:50

  • rabideau

  • Home away from home

  • Posts: 1042

  • Since: 2003/4/25


They seem to be from here:

http://www.sanalcehennem.org/
http://www.yachtkarina.com/

The code the added is: viewable from your View Source on the index.php page.

You can clean the code and ban their IPs at a minimum....
Pax vobiscum,
...mark

may the road rise to meet your feet!

http://treemagic.org
5
davidl2
Re: Help! Hacked :-(

  • 2007/4/3 14:43

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I've edited the title - as the religious belief's of the hackers are not relevant.

1 - Repair what you can.... and make a seperate backup of everything

2 - Check you've the latest versions of all the modules. For example, what version of wf-download are you running? And UPDATE asap. Most importantly - make sure you're not running XOOPS before version 2.0.16 .... even if an odd module doesnt work... it's still going to be more secure then older releases.

3 - Personally, in this case, I'd either restore an old backup - or make a fresh install... re-copying the database and data backup from part one.

4 - Make sure the latest release of Protector is installed. You may also want to check permissions of all the relevent files.. I think some advise on this can be found at http://www.xoopsinfo.com

I've been hacked myself - and recovered....
you will also!

Also you may find some additional information at: http://www.xoopsinfo.com - which is a XOOPS Specific site Also remember we can help you here as well
6
JMorris
Re: Help! Hacked :-(

  • 2007/4/3 15:22

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


The following FAQ entry covers some of the basics of what you can do to recover your site from a hacking.

My site has been hacked! What do I do?

HTH.

James
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.
7
shank
Re: Help! Hacked :-(

  • 2007/4/3 15:26

  • shank

  • Not too shy to talk

  • Posts: 144

  • Since: 2004/8/17


No time right now to go over the links provided, will do so later.

I did fix the hacking back to the way it was.

apparrently they got into the database some how and changed some things.

Repaired it by going to admin, preferances, meta and footer, then just cleared the keywords and footer boxes.
s l s h a n k l e @ b e l l s o u t h . n e t
8
davidl2
Re: Help! Hacked :-(

  • 2007/4/3 15:49

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I would also, as well as my own suggestions above, recommend checking out this article at http://www.xoopsinfo.com :

here
9
MadFish
Re: Help! Hacked :-(

  • 2007/4/3 16:23

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


If you think they got into your database then I suggest you change all of your passwords to much stronger ones (in addition to the above), and restoring a pre-hack backup sounds like a very good idea.
10
davidl2
Re: Help! Hacked :-(

  • 2007/4/3 16:29

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Good suggestion
(1) 2 3 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

492 user(s) are online (94 user(s) are browsing Support Forums)

Members: 0

Guests: 492

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits