1
ashlyn
"Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/27 12:14

  • ashlyn

  • Just popping in

  • Posts: 8

  • Since: 2006/5/23


Got hacked, and the guy only created one page on both modules, then linked to it, leaving all the previous info there, but with line breaks enabled, so it broke the pages.

Could not edit anything in admin, so had to go into the database and do it manually.

Now cannot edit anything in admin due to "Error while updating database!" OR "Could not add contents"

Although I've fixed it manually, I'm sure it's vulnerable to another attack. Is there a fix for this, without having to redo the whole site?

Thanks for any tips.

** Add

Just about the whole site is busted. Can't get any icons in the admin panel, and when I try to go to the control panel it keeps telling me this is my first time, and reloads the page when I try to log in. (checked cookies, exceptions etc with no luck)

Can't post to the forum, nor news articles.
I guess a complete redo of site might not be out of the question. Does this mean the database is corrupted too?

2
McDonald
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/27 13:54

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


What's the version of your XOOPS website and installed modules?

Do you have Protector installed and if yes is it installed the correct way (outside the root)?

3
ashlyn
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 6:31

  • ashlyn

  • Just popping in

  • Posts: 8

  • Since: 2006/5/23


Xoops version 2.0.13.2
Pages module version 1.5
FAQ module version 1.1
Forum version 1

Don't know what Protector is, so obviously I don't have it installed.
** edit - downloading v 2.5 now.
(will this work if the site has already been messed with?)

This script kiddie has locked me out of just about the whole site. I can edit in the database, but not via the site admin. Users (and admins) can't submit news, forum posts, events etc. Admin panel link icons are missing in the left of the page, so I can go nowhere normally (have to go to modules then the desired one)

Thanks again for any tips you can give.

4
ghia
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 7:10

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


If you still have access to the database via phpMyAdmin, go to the users table and check that uid 1 still has your name (uname (and loginname)) and that email still has your correct address. If not, adapt.
Then do the lost password routine.
After login, check that you are the only user belonging to the webmasters group and close the site. Verify all permissions of all users. Change all passwords on all management levels. Read and follow the advice for hacked sites.

5
Mamba
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 7:13

  • Mamba

  • Moderator

  • Posts: 11209

  • Since: 2004/4/23


For starters, you should read this article: A Guide to Make your XOOPS Installation even more secure

You should invest some time and update your XOOPS version to 2.3.2b, or if you're not in a hurry, wait for 2.3.3, which should be released soon as RC1 (Release Candidate 1). You might also update the modules, if they have a newer version (e.g. Forum could be updated to CBB 3.08)

Protector is a must! But you should install the new version 3.32

But make sure that you understand how the hacker got into your system, so you can fix it. For example, check if there are new users with Webmaster privileges, and delete them.
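The account and group checks described in the two replies above can be run as queries from phpMyAdmin. This is an added example, not part of the original posts; it assumes MySQL, the default `xoops_` table prefix, the default Webmasters group id of 1, and XOOPS 2.0.x column names, all of which should be confirmed against the actual tables first.

```sql
-- Added example, not from the thread. Assumed: MySQL, table prefix "xoops_",
-- Webmasters group id 1. Adjust both to match your installation.

-- 1. Account uid 1: confirm the name and e-mail are still yours
--    before using the lost password routine.
SELECT uid, uname, email,
       FROM_UNIXTIME(user_regdate) AS registered,
       FROM_UNIXTIME(last_login)   AS last_login
FROM xoops_users
WHERE uid = 1;

-- 2. Every member of the Webmasters group, newest registration first.
--    Any account you do not recognise here needs to be explained or removed.
SELECT u.uid, u.uname, u.email,
       FROM_UNIXTIME(u.user_regdate) AS registered,
       FROM_UNIXTIME(u.last_login)   AS last_login
FROM xoops_groups_users_link AS l
JOIN xoops_users AS u ON u.uid = l.uid
WHERE l.groupid = 1
ORDER BY u.user_regdate DESC;

-- 3. Group links that point at no existing user
--    (leftovers from deleted accounts or manual edits).
SELECT l.linkid, l.groupid, l.uid
FROM xoops_groups_users_link AS l
LEFT JOIN xoops_users AS u ON u.uid = l.uid
WHERE u.uid IS NULL;

-- 4. Groups other than Webmasters that hold admin rights on the
--    system module or on any other module.
SELECT g.groupid, g.name, p.gperm_name, p.gperm_modid, p.gperm_itemid
FROM xoops_group_permission AS p
JOIN xoops_groups AS g ON g.groupid = p.gperm_groupid
WHERE p.gperm_name IN ('module_admin', 'system_admin')
  AND p.gperm_groupid <> 1
ORDER BY g.groupid, p.gperm_name;
```

All four statements are read-only; compare the `registered` and `last_login` times against the period in which the unwanted pages appeared.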

6
ashlyn
Re: "Pages" and "FAQ" Modules hacked (2.0.13.2)
  • 2009/1/28 8:58

  • ashlyn

  • Just popping in

  • Posts: 8

  • Since: 2006/5/23


Thanks Mamba and Ghia.

I'm just gonna bite the bullet and redo the whole site with the updated versions + Protector.

Understanding how the hacker got in is the main thing. I have no idea how, or when (it was at least 1 month ago. I'm the webmaster and site admin, but I don't participate that often). No idea where to start looking.

Thanks again for your help.. both of you
