11
Neppomuk
Re: Help! Hacked :-(
  • 2007/4/3 18:58

  • Neppomuk

  • Just popping in

  • Posts: 1

  • Since: 2002/3/16


Any ideas about the security hole? I've been hacked, too, and I really wonder what was changed. I can't find anything in the database and in the php-files.

12
Shelia
Re: Help! Hacked :-(
  • 2007/4/4 1:37

  • Shelia

  • Not too shy to talk

  • Posts: 140

  • Since: 2003/6/22


I can't figure out how thishttp://www.vaue160.org/union/modules/wfsection/ was done! Can you tell me how to fix this? I would like to start using SmartSections if I can transfer my articles.

13
JMorris
Re: Help! Hacked :-(
  • 2007/4/4 2:47

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


WF-Section is an old module that is no longer supported, as far as I know. As such, any security vulnerabilities are not being watch and/or patched as quickly as more active projects such as SmartSection.

My recommendation would be to migrate to SmartSection as it's development and support is quite proactive.

HTH.

James
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.

14
MadFish
Re: Help! Hacked :-(
  • 2007/4/4 2:49

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


Just a guess here, but take a look in some of your index.php and index.htm files to see if they all have hacker code in them. I bet all of them have been overwritten.

If your site is on a shared server, it is most likely that the server itself has been compromised (ie. that the hole is not in your personal account, although it is still possible of course).

Let your host know as they may need to clean up the server. However, don't trust them to clean up your account - do that yourself!

15
Shelia
Re: Help! Hacked :-(
  • 2007/4/4 3:20

  • Shelia

  • Not too shy to talk

  • Posts: 140

  • Since: 2003/6/22


No that was the only file defaced! The hack had to be to my database on the shared server - I've changed all the passwords.

Is there a script to convert my articles to SmartSections?

16
davidl2
Re: Help! Hacked :-(
  • 2007/4/4 7:50

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Unfortunately there isn't a script yet for Wf-Section 2.x to SmartSection... although I'm sure the SmartFactory team would love to see one, if someone was to write it

I do believe however that Phppp's Article module (not to be confused with AndyM's Articles module!) may have a transfer script.

17
mpowell
Re: Help! Hacked :-(
  • 2007/4/7 7:10

  • mpowell

  • Friend of XOOPS

  • Posts: 119

  • Since: 2004/2/10


OK.

I found the information in the database - config footer and config metadata - that had been corrupted.

However, even after erasing this information in the database I still get the islamic message.

What am I missing?

18
winnesoup
Re: Help! Hacked :-(
  • 2007/4/7 8:53

  • winnesoup

  • Just popping in

  • Posts: 29

  • Since: 2004/10/15


Quote:

mpowell wrote:
OK.

I found the information in the database - config footer and config metadata - that had been corrupted.

However, even after erasing this information in the database I still get the islamic message.

What am I missing?


Just clear the contents of your templates_c and cache directory. Then do a refresh on your page.

19
davidl2
Re: Help! Hacked :-(
  • 2007/4/7 9:58

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Quote:

JMorris wrote:
WF-Section is an old module that is no longer supported, as far as I know. As such, any security vulnerabilities are not being watch and/or patched as quickly as more active projects such as SmartSection.

My recommendation would be to migrate to SmartSection as it's development and support is quite proactive.

HTH.

James


This is very true - although Catzwolf (aka John_N) has said that he will try and release a more secure version of this module shortly... however as he has other projects, I would suspsect this will not be updated as regularly as SmartSection or Phppp's "Article" module.

(I think Phppp's Article module has an import script for WF-Section 1 & 2 as well?)

20
ladysham
Re: Help! Hacked :-(
  • 2007/4/9 2:19

  • ladysham

  • Quite a regular

  • Posts: 274

  • Since: 2003/11/11


I was hacked also. Didn't really see anything until I went and looked at the blocks. The hacker was able to insert a custom block into my XOOPS with a redirect to his website.

For the moment, I've shut down my website to see what I want to do.

Kelly Ling
Kelly Ling
Shamrock's Web Design
http://www.shamrocksweb.com

If you're coming to see my house - give me two weeks. If you're coming to see ME - come any time!

Login

Who's Online

159 user(s) are online (114 user(s) are browsing Support Forums)


Members: 0


Guests: 159


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits