1
aharon
Xoops site hacked...
  • 2009/12/18 15:14

  • aharon

  • Not too shy to talk

  • Posts: 172

  • Since: 2004/9/17


Hi,

A XOOPS site I run has been hacked.. :(

All http requests take me to another site, a porn site.. I looked for that site's URL in the database, and in the installed XOOPS files - but no joy..

I can not login as admin/user because each page takes me to that pron site..

Any ideas/clues what can be done to fix this? Where should I look?

Thanks!

2
ghia
Re: Xoops site hacked...
  • 2009/12/18 15:53

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Probably a theme or index file is altered.
Delete all files and replace them from the latest known good backup.
You could also take a backup again and do a file compare with the latest known good backup.
Maybe also the file check (see release notes) could help.

(You didn't use the alias password from your last post?)

3
Mazar
Re: Xoops site hacked...
  • 2009/12/18 23:07

  • Mazar

  • Not too shy to talk

  • Posts: 191

  • Since: 2009/1/4 0


Check your .htaccess file in the root of your site. it might have been altered find any redirection set there and delete it.

4
aharon
Re: Xoops site hacked...
  • 2009/12/19 1:17

  • aharon

  • Not too shy to talk

  • Posts: 172

  • Since: 2004/9/17


Thanks ghia for the ideas!

I did all your suggestions but for no avail. Indeed, putting the backup on, it seems to collapse the first page, and when I try to register, am being moved to the porn site.. (Turns out there are a few of these..)

5
aharon
Re: Xoops site hacked...
  • 2009/12/19 1:47

  • aharon

  • Not too shy to talk

  • Posts: 172

  • Since: 2004/9/17


Thanks for the thought, LadyHacker. The htaccess on the root is fine..

The only thing I did which managed to slightly mitigate the hack is to change the name of the theme folder. When I do that, I can get to the file I want, e.g. user.php - but can not see anything.. It makes me think they might have changed something on the theme, but I can not find anything what so ever..

Many thanks!

6
ghia
Re: Xoops site hacked...
  • 2009/12/19 2:21

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


That backup, is that done with the host admin panel? If that gets redirected too, when it is on a special port number, then it can be that your DNS records are altered.
Did you try a ping to your site and the porn site to see if the IP addresses are still different?

Check all the files of your theme for strange URL's with a search for http. Reload the theme files from a backup or the original ZIP file.

Did you run the file check?

Login

Who's Online

153 user(s) are online (90 user(s) are browsing Support Forums)


Members: 0


Guests: 153


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits