They keep hacking me. HELP!: PHPFusion 6 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

hello. this morning i found my website hacked. luckily they only changed some stuff in index.php so i fixed it back.
i read some posts and i figured i'd defuse the event calendar. after a few hours i got hacked again. this time they deleted config.php

i had a backed up file so i fixed that too and now my site is in maintanance mode but i am afraid they will attack again.
PLEASE HELP.

0 replies

odle, please also check your panels if the hacker have added some suspicious code in there. You can also check the statusbar in your internet browser to see if some strange urls shows up there when you load your site.

0 replies

Falk

answered 6 Sep 2007 at 02:44 PM

Super Admin

Probably the calender (sql injection).

0 replies

YES !!!!!! FINALLY

I got the bastrard where i least expected it. He had created a custom page and pasted the script in there. and this is how he accessed it:

Code Download source

http://mywebsite.com/viewpage.php?page_id=23&&s=r&cmd=edit&file=./index.php

so now one last question:
is there a bug in the viewpage.php or was it the event calendar that got him through?

Edited by odle on 06-09-2007 06:48, 17 y

0 replies

AHHHHHHHHHHH
hacked again today. i think they left a shell somewhere but do you have any suggestions how to find it?

0 replies

They need database access, that way You can change your password

Disable ALL access to : Administrators | Costom Pages | Panels | DB Backup

just remove everyone from those. If that dont help they probably somehow gained access to the server that hosts Your site.

0 replies

please help me out here. i can't afford to reupload the whole site again because i have made so many changes (if that's the problem)

how can they still get my password?

0 replies

but i changed all the passwords 2 days ago

0 replies

if they deleted config.php, they hacked your ftp, webosting account or the server. you can't delete a read only file from within php

0 replies

September 3rd. hacked again.

0 replies

how am i going to know what file they left behind?

0 replies

Quote

TammyK wrote:
Also check the files on your server to be sure they didn't leave one behind that is allowing them to get back in even though you've disabled the event calendar.

Yes, this is right.
It is the best thing, if you upload all files of PHP-fusion up again.

And change the passwords of your database and FTP!

0 replies

Quote

odle wrote:
so if i disable all infusions i should be safe?

To be on the safe side:
- Update PHPFusion to the last version
- Update the Infusions to the last version
- read up on if the infusions you use are secure
- be sure that the passwords used of all the admins on your site are secure

0 replies

so if i disable all infusions i should be safe?

0 replies

take the event calender of http://wibix.de/infusions/pro_downloa...php?did=27
Wibix is a good programmer and his infusions are secure

0 replies

look here (its german)
http://support.phpfusion-de.com/forum...d_id=11666

disable some infusions ... and install the securityinfusion from bs-fusion.de

And change the admin and superadmin passwords ....

Edited by gozoc on 01-09-2007 13:16, 17 y

0 replies

Category Forum

Bugs and Errors - 6

Labels

None yet

Statistics

Views 0 views
Posts 15 posts
Votes 0 votes
Topic users 7 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

They keep hacking me. HELP!

15 posts

PHPFusion

Resources

Community

Development