xoops forums

DavidJ7

Just popping in
Posted on: 2007/1/5 2:59
Posts: 13
Since: 2006/9/29
#1

HACKED BY KARTAL [ TURKiSH HACKER ]

That's the msg at top and bottom of the admin page, all the module logos, gone...

Admin can be accessed by direct link i.e.
www.xoopsurl.com/admin.php or
www.xoopsurl.com/modules/system/admin.php and everything is there, mods, data, even the site seems normal to anon and registered users.

So what did he f-up and how do I replace it? I'll deal with the upgrades (it's a 2.0.9.2 install) and beefing up security soon after.

Thanks in advance,
DJ.
P.S. How about some Turkish xoopsters find this asswipe and break his fingers

JCDunnart

Not too shy to talk
Posted on: 2007/1/5 4:52
Posts: 114
Since: 2006/7/1 5
#2

Re: HACKED BY KARTAL [ TURKiSH HACKER ]

He possibly replaced the cache/adminmenu.php file. You can delete it, then access the admin section again. You'll see "this is the first time you enter the admin"...etc. When you press the submit button a new adminmenu.php file is generated.

Hopefully that's all they've done.

OldFriend

Just popping in
Posted on: 2007/1/5 12:42
Posts: 99
Since: 2005/10/28
#3

Re: HACKED BY KARTAL [ TURKiSH HACKER ]

I was hacked by this same hacker about 6 months ago.

It seems that he had placed index.html files into every directory.

I found it easiest to restore the site from a backup.

canbula

Just popping in
Posted on: 2007/1/5 14:07
Posts: 42
Since: 2006/7/10
#4

Re: HACKED BY KARTAL [ TURKiSH HACKER ]

I am a Turkish xoopser too, and admin of one of the Turkish support sites. I don't know who Kartal is, but if you use 2.0.9.2 he can hack your site again and again, because for this version some bugs are very popular in Turkey. Putting an index.html file in all directories is also very popular. So I think you must upgrade your XOOPS and be very careful about chmods.
http://www.xoops-tr.com - Turkish Xoops
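
One way to scope the changes described in replies #2 to #4 (a replaced cache/adminmenu.php, index.html files dropped into directories, loose chmods), added here as an example and not code from any poster or from XOOPS: compare the live webroot with an unpacked known-good backup. The function names and the two directory arguments are assumptions of this example.

```python
import hashlib
import os
import stat
import sys


def sha256_of(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file (path relative to root) to (sha256, permission bits)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = (sha256_of(full), stat.S_IMODE(os.stat(full).st_mode))
    return files


def audit(live_root, backup_root):
    """Compare the live webroot against a backup assumed to predate the defacement."""
    live, good = snapshot(live_root), snapshot(backup_root)
    return {
        # files that exist only on the live site, e.g. dropped index.html pages
        "added": sorted(p for p in live if p not in good),
        # files whose content changed, e.g. a replaced cache/adminmenu.php
        "modified": sorted(p for p in live if p in good and live[p][0] != good[p][0]),
        "missing": sorted(p for p in good if p not in live),
        # files any local account can overwrite (the chmod concern)
        "world_writable": sorted(p for p, (_h, mode) in live.items() if mode & stat.S_IWOTH),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py LIVE_WEBROOT BACKUP_DIR")
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Generated files such as cache/adminmenu.php can differ from the backup for legitimate reasons, so "modified" entries need review rather than automatic restoration.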

davidl2

XOOPS is my life!
Posted on: 2007/1/5 15:04
Posts: 4843
Since: 2003/5/26
#5

Re: HACKED BY KARTAL [ TURKiSH HACKER ]

I would definitely advise any user with a version before 2.0.16 to upgrade... although obviously test your installation first, and back up all your existing site & data...

There have been a LOT of security updates since the days of 2.0.9.

zeroram

Friend of XOOPS
Posted on: 2007/1/5 16:49
Posts: 326
Since: 2004/6/30
#6

Re: HACKED BY KARTAL [ TURKiSH HACKER ]

Seems this guy belongs to one of these groups... to trace him is going to be really hard...

Check this site:

http://www.zone-h.org/component/option,com_frontpage/Itemid,1/

and try your best on your log files (if your hosting has that feature) and try to find something useful you can use for tracing...