Re: my site got hacked? [Q and A] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

my site got hacked?

2003/11/14 1:42
ninja
Just popping in
Posts: 70
Since: 2003/5/27

someone crazy kid posts tons of messages in news section at my site and whenever i click on the topic, a popup message appear saying "ya site is hacked by devil kid". I can't close that message at all. I have to to use task manager to close Internet explore.

it must be javascript, and i was wondering if it's possible not to allow javascript when posting? or control allow html tags?

2

Re: my site got hacked?

2003/11/14 2:19
mvandam
Quite a regular
Posts: 253
Since: 2003/2/7 2

Hmmm, can you post or PM the "source text" for one of those messages, then we can see explicitly how to prevent it. Do you allow HTML in your posts? Is this happening because someone is 'submitting' news, or are they actually posting 'approved' articles? Can you further restrict who is posting news?

3

Re: my site got hacked?

2003/11/14 5:07
ninja
Just popping in
Posts: 70
Since: 2003/5/27

I disable automatic in news already, that fixed it, but he now posted in forum and if i click on a topic
the popup msg appears and block the screen. U can't close, click or move anything, u have to shut down internet explore using task management

so i wasn't able to view the code.

4

Re: my site got hacked?

2003/11/14 5:16
gstarrett
Friend of XOOPS
Posts: 174
Since: 2002/3/12

Do you know how to directly query the database? If you have phpMySQL installed or SQLYog then you can go directly into the tables and find the offensive posts, sans IE's bugs.

Another option is to install a more "user friendly" browser that allows you to control and eliminate the pop-ups. Mozilla and Opera are both excellent browsers available for free, I use them both (and I even paid for Opera).

5

Re: my site got hacked?

2003/11/14 5:19
sunsnapper
Friend of XOOPS
Posts: 403
Since: 2002/4/10

You may be able to close the pop-up window by using ALT+F4

(the alt key and the F4 key hit at the same time).

If not, yeah, try mozilla or firebird.

It doesn't seem like your site got hacked though, right. I mean, you gave the guy automatic access? Or did I miss something.

Well, let us know if we can help further.

6

Re: my site got hacked?

2003/11/14 5:25
ninja
Just popping in
Posts: 70
Since: 2003/5/27

thanks for all your help!

yes I can use alt key and F4 to close

however, my users might not know that and they are stuck.

how do you define which html tags to allow in posting?

by the way, what do you mean buy automatic access? hmm he's a registered member, and only registered members can post

I did delete him, but then he can always register another nick

7

Re: my site got hacked?

2003/11/14 5:35
mvandam
Quite a regular
Posts: 253
Since: 2003/2/7 2

With XOOPS you (currently) cannot control which tags are displayed. If you enable HTML, ALL tags can be displayed. Much more serious things can be done to your site than just this simple annoying 'script' that this user did.

I would suggest turn OFF html for forum posts. Allow bb-code if you want users to have control over their text. BB-code is a relatively safe alternative. If you *did* only have bb code enabled, let us know...

For the news, you might *need* to enable html to achieve certain control... if that is the case, you should only give access to trusted 'editors' or 'moderators' for approving articles. Any time you give access to HTML you should only give access to trusted people.

8

Re: my site got hacked?

2003/11/14 5:49
sunsnapper
Friend of XOOPS
Posts: 403
Since: 2002/4/10

Oh, I read this too quickly I guess. I thought you had set up automatic registration approval. Now I understand, you just have a misbehaving user who is registered.

Disable HTML is messages and you should be good to go, as others have noted.

9

Re: my site got hacked?

2003/11/14 7:37
wtravel
Posts: 987
Since: 2003/8/27

I may have overlooked but where can I select to turn on (or off) HTML in news or forum messages?

Kind regards,

Martijn

10

Re: my site got hacked?

2003/11/14 8:00
Catzwolf
Home away from home
Posts: 1392
Since: 2007/9/30

My understanding of the way this works is that only users who have been givin webmaster or moderator status can post 'HTML' with a post.

Make sure that you registered users have not been given the status by accident. look in the system admin module/groups/registered users and then see which module you have checked to give this group 'module admin rights'

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

159 user(s) are online (85 user(s) are browsing Support Forums)

Members: 0

Guests: 159

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}