SQL Injection

Daraiko
asked

Hi everyone, I just had a bad experience: I looked in my referral statistics and saw a link from a site called MADSPOT.org,
and there they had a "Hacked site showoff" and it said this about my site:

http://daraiko.dk
Daraiko:**********

Method : sql injection


So they hacked my site and got my account info... Just thought I would let you know, so maybe this can be stopped. Not very comforting.. :(

Hope everyone has a nice weekend :)

Daraiko
www.daraiko.dk

Admin Edit: Removed your hashed password from the message for security reasons.
Edited by N/A on 29-06-2008 18:52,

HobbyMan
answered

Yours is a V6 site.

Quote

From your site.....
All user data was also lost


I think the lesson here is back up your DB and files regularly.

Quartzkyte, admin @ French N.S.S.
answered

Moving thread to V6 section...

Now, what V6 version are you running?
What 3rd party infusions do you have?
Edited by Quartzkyte on 28-06-2008 12:07,

Daraiko
answered

Hi, sorry about posting wrong..

I'm using php-fusion v6.01.15

I have:
The Kroax video infusion
Avatar resizer


I have done some research and found that the problem may be in the infusion "The Kroax",
and I'm doing some checking on that, and have just upgraded to the new version from them that was released a few days ago, I think. I have asked them if this is fixed in the new version and am awaiting a reply on that, but they are aware of the problem now.

It's never a good feeling when someone has had access to your site and to your database.. :(
Now I have no idea if they have put a backdoor in or whatever... :(

So be careful out there, fellow Fusion users: be safe, back up and upgrade!

And help each other! :)

Best wishes for a great weekend. :)

Daraiko
www.Daraiko.dk

Daraiko
answered

Oh, and here is a link to some info I found on the problem ;)

http://www.securityfocus.com/bid/29976

fetloser
answered

Yes, there's a fix in the most current news item and the fix is included in the newest release as well. Anyone using Kroax should upgrade ASAP.

Oh, and if you want a quick link to the patch, here it is.
http://www.venue.nu/patch/kroax.zip
Edited by fetloser on 28-06-2008 18:31,

Daraiko
answered

Thank you very much :)

I have upgraded to Kroax RC2 and updated it with the link you sent me to be safe ;)

Does anyone know if there is an infusion to check the database for backdoors? :)

googlebot
answered

Quote

Daraiko wrote:
Thank you very much :)

I have upgraded to Kroax RC2 and updated it with the link you sent me to be safe ;)

Does anyone know if there is an infusion to check the database for backdoors? :)

Sorry (actually not) to break it to you, but there is no such thing as a backdoor in a database. A backdoor is a way to "re-hack" the site. If you upgrade to v7 or replace all PHPFusion files, there is no way for a backdoor to be maintained. The most that they could do with database access is to change your (a.k.a. admin) password, or another admin's password (if there is another admin), or create a new user and make that user an admin. Just check for any admins (or other positions of power) that you did not assign/did not previously know about.

Basti
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]
answered

But there could be any bad code in the database, too.
Remember that you can execute PHP-Code in Panels and Custom pages ;)
0 replies
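
The two checks suggested in the replies above (look for admin accounts you did not assign, and remember that panels and custom pages can hold PHP code), as an added example that is not part of the original thread and is not PHP-Fusion code. The table and column names, the admin level value 102 and the list of risky functions are assumptions about a default v6 install with the `fusion_` prefix; the sample rows are constructed, and SQLite stands in for a restored copy of the site's MySQL database.

```python
import re
import sqlite3

# Assumed PHP-Fusion v6 layout (default "fusion_" prefix); verify the names
# against your own database before relying on them.
ADMIN_LEVEL = 102  # assumption: 102 = admin, 103 = super admin
CONTENT_COLUMNS = [  # (table, id column, label column, content column)
    ("fusion_panels", "panel_id", "panel_name", "panel_content"),
    ("fusion_custom_pages", "page_id", "page_title", "page_content"),
]
# PHP constructs that rarely belong in a panel or custom page.
SUSPICIOUS = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|assert|system|exec|"
    r"shell_exec|passthru|popen|proc_open|fsockopen)\s*\(", re.I)


def unexpected_admins(conn, known_admins):
    """Accounts with admin rights that the site owner did not assign."""
    rows = conn.execute(
        "SELECT user_name, user_level FROM fusion_users WHERE user_level >= ?",
        (ADMIN_LEVEL,))
    return [(name, level) for name, level in rows if name not in known_admins]


def suspicious_content(conn):
    """Panels and custom pages whose stored content calls risky functions."""
    hits = []
    for table, id_col, label_col, body_col in CONTENT_COLUMNS:
        query = f"SELECT {id_col}, {label_col}, {body_col} FROM {table}"
        for row_id, label, body in conn.execute(query):
            found = sorted({m.lower() for m in SUSPICIOUS.findall(body or "")})
            if found:
                hits.append((table, row_id, label, found))
    return hits


def sample_db():
    """Constructed rows standing in for a restored copy of the site database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE fusion_users (user_name TEXT, user_level INTEGER);
        CREATE TABLE fusion_panels (panel_id INTEGER, panel_name TEXT, panel_content TEXT);
        CREATE TABLE fusion_custom_pages (page_id INTEGER, page_title TEXT, page_content TEXT);
        INSERT INTO fusion_users VALUES ('Daraiko', 103), ('visitor', 101), ('support_', 102);
        INSERT INTO fusion_panels VALUES (1, 'Welcome', 'echo "Hello";'),
            (2, 'Stats', 'eval(base64_decode("PLACEHOLDER"));');
        INSERT INTO fusion_custom_pages VALUES (1, 'About', '<p>About this site</p>');
    """)
    return conn
```

A hit is only a prompt for manual review: a legitimate panel may call one of these functions, and a clean result does not cover files on disk.
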

Daraiko
answered

OK :)

Thank you very, very much ;)
I have not upgraded to v7 yet, but I'm thinking about it. It looks so good; I have installed it on another of my domains ( www.junglebajer.dk ) to try it out ;)

And I love the tighter security on it too, and more settings ;)

I'm loving what I see, just need to see if my infusions and things work as well ;)

GREAT WORK GUYS !! :)

Jay
answered

That was great, thanks for letting us know; it came in handy.

V7 looks good but I'm also waiting for themes and a few other infusions to be upgraded, such as the better banners by method man, the index forum, moderator... Kroax is cool.

Daraiko
answered

Is this for real?
I have never heard of antivirus for PHP??

Does anyone have any idea about this?

KonickMultimedia
answered

Quote

ignas2526 wrote:
EDITED by KEFF. Double post, also deleted.


Is it me or are you constantly posting useless crap anywhere...
Edited by KEFF on 29-06-2008 23:00,

KEFF
Member of Executive Committee. No sites running.
answered

ignas2526 hereby banned for double posting and also passing out links with outdated software with hundreds of popups. We don't want that.