Hacked weblinks panel...
Asked Modified Viewed 4,760 times
radiofreebcj
radiofreebcj 10
- Member, joined since
- Contributed 73 posts on the community forums.
- Started 11 threads in the forums
- Started this discussions
My weblinks panel on my personal site ( www.jeffbirmingham.com ) has been hacked and I can't figure out how to disable it. I go into my admin page to control panels and disable and erase it, and everything is fine but a day later...it's back again. It's an empty panel, but contains a lot of spam in the actual code when I look at it through the admin page. It's always the same, and it always comes back. It's not there right now...but I can guarantee you that it's not going to last like this for long.
How do I get rid of this?
How do I get rid of this?
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
Not the first one, I think there is a new hole in panels...
radiofreebcj
radiofreebcj 10
- Member, joined since
- Contributed 73 posts on the community forums.
- Started 11 threads in the forums
- Started this discussions
So, if this is a problem that others have seen...is there a way to fix it? I've been going back to my website every second day to disable and then remove the panel, but it just keeps coming back.
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
I remember I wanted to create sniffer who will log visitors ip, and all what he did on website, such thing would remove gap from whats going on with PHPFusion panels in less than 5 mins you would be able to find every hacker move, however Starefossen forbid me from creating such script, so lets continue thinking what it is page owners fault.
Edited by bite on 08-07-2009 01:21,
Quote
radiofreebcj wrote:
So, if this is a problem that others have seen...is there a way to fix it? ...
I've had this problem for many months. The fix that works for me is to delete the weblinks panel and then rename panel_editor.php to something else (or remove it altogether). Haven't had a problem since, but it does mean you have to put back panel_editor.php whenever you want to edit your panels, but that is a small price to pay.
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Quote
bite wrote:
I remember I wanted to create sniffer who will log visitors ip, and all what he did on website, such thing would remove gap from whats going on with PHPFusion panels in less than 5 mins you would be able to find every hacker move, however Starefossen forbid me from creating such script, so lets continue thinking what it is page owners fault.
Please enlighten me! What reason could there be not to create a sniffer?
In fact it is a statistics program for accumulation and analysis of your site.
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
@Wanabo: I have no idea, ask administrators.
EDIT: the possible solution is to make administration accessible only from certain IP's.
EDIT: the possible solution is to make administration accessible only from certain IP's.
Edited by bite on 08-07-2009 11:43,
— 28 days later —
answered
Even though you may have fixed this by now, I thought I would chime in.
I had my site hacked this way. It means that your site was compromised and they have your admin passwords.
I am usually good with keeping up with the changes to ver 6 (and am still using 6 since I have too many mods that wont work with 7). From what I could tell it was the search.php? from several versions back that was used to grab your password hashes. I didn't notice it until a couple days after I upgraded to the lastest version of 6. The person doesnt change anything on the site except add that invisible weblinks file. His way of getting your passwords probably has been fixed, but he had been doing this for a while without me knowing.
It wasn't until I was changing a mod after I had upgraded that I noticed when I viewed the site's code that I had been hacked. Since nothing had been noticably changed, it went on for quite a while unnoticed.
Changing or deleting that file will not help because if you watch your logs, he will come back and repost it.
Suggestions on how to permanently fix this, upgrade to the newest version of 6. CHANGE ALL YOUR ADMIN PASSWORDS! I changed mine, but my brother never changed his so they stopped using my password and started using his. It proves that they had ALL the passwords for all the users.
I had my site hacked this way. It means that your site was compromised and they have your admin passwords.
I am usually good with keeping up with the changes to ver 6 (and am still using 6 since I have too many mods that wont work with 7). From what I could tell it was the search.php? from several versions back that was used to grab your password hashes. I didn't notice it until a couple days after I upgraded to the lastest version of 6. The person doesnt change anything on the site except add that invisible weblinks file. His way of getting your passwords probably has been fixed, but he had been doing this for a while without me knowing.
It wasn't until I was changing a mod after I had upgraded that I noticed when I viewed the site's code that I had been hacked. Since nothing had been noticably changed, it went on for quite a while unnoticed.
Changing or deleting that file will not help because if you watch your logs, he will come back and repost it.
Suggestions on how to permanently fix this, upgrade to the newest version of 6. CHANGE ALL YOUR ADMIN PASSWORDS! I changed mine, but my brother never changed his so they stopped using my password and started using his. It proves that they had ALL the passwords for all the users.
Edited by blueadept on 06-08-2009 00:27,
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
Well, not only PHPFusion gets random JavaScript and Iframes and so on... I think problem somewhere in PHP or server software or server OS.
Also, I found this in Google support.
Also, I found this in Google support.
Edited by bite on 06-08-2009 01:34,
answered
Quote
blueadept wrote:
Even though you may have fixed this by now, I thought I would chime in.
I had my site hacked this way. It means that your site was compromised and they have your admin passwords.
I am usually good with keeping up with the changes to ver 6 (and am still using 6 since I have too many mods that wont work with 7). From what I could tell it was the search.php? from several versions back that was used to grab your password hashes. I didn't notice it until a couple days after I upgraded to the lastest version of 6. The person doesnt change anything on the site except add that invisible weblinks file. His way of getting your passwords probably has been fixed, but he had been doing this for a while without me knowing.
It wasn't until I was changing a mod after I had upgraded that I noticed when I viewed the site's code that I had been hacked. Since nothing had been noticably changed, it went on for quite a while unnoticed.
Changing or deleting that file will not help because if you watch your logs, he will come back and repost it.
Suggestions on how to permanently fix this, upgrade to the newest version of 6. CHANGE ALL YOUR ADMIN PASSWORDS! I changed mine, but my brother never changed his so they stopped using my password and started using his. It proves that they had ALL the passwords for all the users.
You could be right, but you don't have to be either. I had an old site that weblinks got hacked tons of times.
I just entered a simple check in my panel_editor file so that only the superadmin could access it. This stopped the hacks at once and this has to be a sign that they did not have the password.
But I guess it's a pointless discussion since keeping a V6 site is a big no no anyway :)
answered
next time please post your php-fusion version.
i think, you're using old version.
newest ist 6.01.18 !
after this, change ALL super-admin PW.
use completly new PW ! not from other installations.
change ALL PW of admins with panel_editor access !
install sec-system from bs-fusion.
good luck !
ndm
i think, you're using old version.
newest ist 6.01.18 !
after this, change ALL super-admin PW.
use completly new PW ! not from other installations.
change ALL PW of admins with panel_editor access !
install sec-system from bs-fusion.
good luck !
ndm
answered
hi,
i went to use a link on my site and was taken to a different advertising site in the usa. i have looked at my weblinks panel and have also had random code placed in here. deleting this panel has stopped my problem (for the moment).
after reading this thread i have decided to update to the very lastest version of V6 and change all the passwords for the admin. the question i have is how do i find out the exact version number that i am running (so i can start updating from the right file) and will i need to back up (i have but dont know where the file has saved to)? any help would be grateful thanks.
i went to use a link on my site and was taken to a different advertising site in the usa. i have looked at my weblinks panel and have also had random code placed in here. deleting this panel has stopped my problem (for the moment).
after reading this thread i have decided to update to the very lastest version of V6 and change all the passwords for the admin. the question i have is how do i find out the exact version number that i am running (so i can start updating from the right file) and will i need to back up (i have but dont know where the file has saved to)? any help would be grateful thanks.
Category Forum
Official Core Support - 6Labels
None yet
Statistics
- Views 0 views
- Posts 11 posts
- Votes 0 votes
- Topic users 8 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions