Xoops site hacked... [XOOPS general usage questions]

1

Xoops site hacked...

2009/12/18 15:14
aharon
Not too shy to talk
Posts: 172
Since: 2004/9/17

Hi,

A XOOPS site I run has been hacked.. :(

All http requests take me to another site, a porn site.. I looked for that site's URL in the database, and in the installed XOOPS files - but no joy..

I can not login as admin/user because each page takes me to that pron site..

Any ideas/clues what can be done to fix this? Where should I look?

Thanks!

2

Re: Xoops site hacked...

2009/12/18 15:53
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Probably a theme or index file is altered.
Delete all files and replace them from the latest known good backup.
You could also take a backup again and do a file compare with the latest known good backup.
Maybe also the file check (see release notes) could help.

(You didn't use the alias password from your last post?)

3

Re: Xoops site hacked...

2009/12/18 23:07
Mazar
Not too shy to talk
Posts: 191
Since: 2009/1/4 0

Check your .htaccess file in the root of your site. it might have been altered find any redirection set there and delete it.

4

Re: Xoops site hacked...

2009/12/19 1:17
aharon
Not too shy to talk
Posts: 172
Since: 2004/9/17

Thanks ghia for the ideas!

I did all your suggestions but for no avail. Indeed, putting the backup on, it seems to collapse the first page, and when I try to register, am being moved to the porn site.. (Turns out there are a few of these..)

5

Re: Xoops site hacked...

2009/12/19 1:47
aharon
Not too shy to talk
Posts: 172
Since: 2004/9/17

Thanks for the thought, LadyHacker. The htaccess on the root is fine..

The only thing I did which managed to slightly mitigate the hack is to change the name of the theme folder. When I do that, I can get to the file I want, e.g. user.php - but can not see anything.. It makes me think they might have changed something on the theme, but I can not find anything what so ever..

Many thanks!

6

Re: Xoops site hacked...

2009/12/19 2:21
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

That backup, is that done with the host admin panel? If that gets redirected too, when it is on a special port number, then it can be that your DNS records are altered.
Did you try a ping to your site and the porn site to see if the IP addresses are still different?

Check all the files of your theme for strange URL's with a search for http. Reload the theme files from a backup or the original ZIP file.

Did you run the file check?

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Xoops site hacked...

Re: Xoops site hacked...

Re: Xoops site hacked...

Re: Xoops site hacked...

Re: Xoops site hacked...

Re: Xoops site hacked...

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}