1
Byron
Website theme defaced
  • 2008/1/28 21:45

  • Byron

  • Just popping in

  • Posts: 14

  • Since: 2004/9/25


I had an email from one of my users this morning telling me that my site had been hacked. Sure enough, when I went there I saw a single political page rather than my XOOPS home page. The page kept coming up even when I tried to access through files like user.php or register.php.

Basically, it turned out that theme.html.php in templates_c was displaying the foreign page. Once I deleted that file, everything went back to normal. I've checked the theme settings in preferences and the database, but haven't found anything so far. I'm using XOOPS 2.2.3 btw.

I've been in touch with my host, just to make sure they know what's going on. But none of my files were altered, and I'm not seeing anything that shouldn't be there, so I'm guessing this was some sort of injection attack.

Does anyone have any ideas what might have caused this? Aside from using the outdated. 2.2 branch, I have a couple of different things I'm looking at:

1. XoopsGallery recently had a security hole revealed. Currently I'm running 1.3, but I'm working on upgrading to the new version.

2. I recently activated WF-Downloads in order to host some files. Not sure if this could be the culprit, or if it's just a coincidence.

After deleting the theme file, it looks like everything is working, though I still have a placeholder index.html on the site atm. My plan now is to make backups and then upgrade to the most recent XOOPS release (is there a script that will roll back from 2.2?)

If anyone else has any help or advice on what to check, it would be much appreciated. Thanks!

Login

Who's Online

298 user(s) are online (224 user(s) are browsing Support Forums)


Members: 1


Guests: 297


Harald0123,

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits