1
DavidJ7
HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 2:59

  • DavidJ7

  • Just popping in

  • Posts: 13

  • Since: 2006/9/29


That's the msg at top and bottom of the admin page, all the module logos, gone...

Admin can be accessed by direct link i.e.
www.xoopsurl.com/admin.php or
www.xoopsurl.com/modules/system/admin.php and everything is there, mods, data, even the site seems normal to anon and registered users.

So what did he f-up and how do I replace it? I'll deal with the upgades (it's a 2.0.9.2 install) and beefing up security soon after.

Thanks in advance,
DJ.
P.S. How about some turkish xoopsters find this asswipe and break his fingers

2
JCDunnart
Re: HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 4:52

  • JCDunnart

  • Not too shy to talk

  • Posts: 114

  • Since: 2006/7/1 5


He possibly replaced the cache/adminmenu.php file. You can delete it, then access the admin section again. You'll see "this is the first time you enter the admin"...etc. When you press the submit button a new adminmenu.php file is generated.

Hopefully that's all they've done.

3
OldFriend
Re: HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 12:42

  • OldFriend

  • Just popping in

  • Posts: 99

  • Since: 2005/10/28


I was hacked by this same hacker about 6 months ago.

It seems that he had placed index.html files into every directory.

I found it easiest to restore the site from a backup.

4
canbula
Re: HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 14:07

  • canbula

  • Just popping in

  • Posts: 42

  • Since: 2006/7/10


I am a Turkish xoopser too..and admin of one of the Turkish support sites..I don't know who is Kartal..but if you use 2.0.9.2 he can hack your site again and again because for this version some bugs are very popular in Turkey..and also putting an index.html file in all directories is very popular..so I think you must upgrade your XOOPS and be very careful about chmods
http://www.xoops-tr.com - Turkish Xoops

5
davidl2
Re: HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 15:04

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I would definitely advise any user with a version before 2.0.16 to upgrade.... although obviously test your installation first, and backup all your existing site & data....

There has been a LOT of security updates since the days of 2.0.9

6
zeroram
Re: HACKED BY KARTAL [ TURKiSH HACKER ]
  • 2007/1/5 16:49

  • zeroram

  • Friend of XOOPS

  • Posts: 326

  • Since: 2004/6/30


Seem this guy belong to one of this groups... to trace him is going to be really hard...

check this site:

http://www.zone-h.org/component/option,com_frontpage/Itemid,1/


and try your best on you log files ( if your hosting have that feature) and try to find something useful you can use for tracing...

Login

Who's Online

78 user(s) are online (58 user(s) are browsing Support Forums)


Members: 0


Guests: 78


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits