Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

PHPFusion Australia Hacked for 3rd Time

Asked Modified Viewed 3,327 times
T
Trix
T
Trix 10
  • Junior Member, joined since
  • Contributed 44 posts on the community forums.
  • Started 18 threads in the forums
  • Started this discussions
asked
Junior Member

G'day All,

Just letting you know PHPFusion Australia has been hacked for the 3rd time. I'm up to date with every bit of code, including the latest critical release. I'm not sure how they are doing it but PHPFusion Australia has been hacked again, with a news post. Any help with to how this is been done would be great. Until I'm satisfied with the security of the site, it will remain closed.

:(
0 replies

15 posts

2
2old
2
2old 10
  • Member, joined since
  • Contributed 89 posts on the community forums.
  • Started 6 threads in the forums
answered
Member

So sorry, really bad news that. :(

You said hacked with a news post - by hacked do you mean admin rights grabbed, defacement or something else?

Ok, will understand if you don't want to post full details, but as a Php-Fusion user with a few sites (and client sites) I'd really appreciate a few more details and maybe I can help. Feel free to PM me.
0 replies
K
kejonn
K
kejonn 10
  • Member, joined since
  • Contributed 160 posts on the community forums.
  • Started 16 threads in the forums
answered
Member

Well, if this is the case - a news post - are you referring to a comment to a news item or a news submission? If the latter, you approved it :o. With the exploits lately, and the fact that you've been hacked, it would seem you would take more care in what is approved. If a comment, then that would be more interesting...
0 replies
T
Trix
T
Trix 10
  • Junior Member, joined since
  • Contributed 44 posts on the community forums.
  • Started 18 threads in the forums
  • Started this discussions
answered
Junior Member

G'day Guys,

It was a news post, using my account. I'm not sure how they are accessing my account, or how they are doing it. If you guys would like, I can open the site, so you can see what they have done?? If you do let me know.

Cheers
0 replies
2
2old
2
2old 10
  • Member, joined since
  • Contributed 89 posts on the community forums.
  • Started 6 threads in the forums
answered
Member

If you want to open it a bit quick I'll stay online and take a look
0 replies
2
2old
2
2old 10
  • Member, joined since
  • Contributed 89 posts on the community forums.
  • Started 6 threads in the forums
answered
Member

Sorry gotta go 2:30 in the morning uk time and I'm knackered. Have to catch up with the thread tomorrow ;)
0 replies
F
Funk
F
Funk 10
  • Newbie, joined since
  • Contributed 3 posts on the community forums.
answered
Newbie

Nuts! Being an Aussie I was looking forward to contributing to the community and sticking with it.

It's a shame this is happening and it seems pretty childish for the culprit to keep doing this.

I hope this gets sorted out :(
0 replies
I
iunruh
I
iunruh 10
  • Member, joined since
  • Contributed 148 posts on the community forums.
  • Started 15 threads in the forums
answered
Member

It is a great site, too bad there are stupid hackers in the world
0 replies
B
bbene
B
bbene 10
Ben Benesh
Support Team Member
  • Member, joined since
  • Contributed 74 posts on the community forums.
  • Started 1 thread in the forums
answered
Member

You may have had a bad image before the upgrade. Check for bad images in your avatars and change your password if you haven't already done so.
0 replies
F
Falk
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

Trix, i suggest you try running my avatar and forum image checker infusions. Basically it displays the images in a gallery, if an image is blank chances are its a baddy, you can safely inspect or delete any baddies.

Requires v6.01.3

Avatar checker attached
0 replies
F
Falk
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

Forum image checker
Edited by Falk on 05-07-2006 12:11,
0 replies
K
Ken
K
Ken 10
No Support by PM. Please use the forum.
  • Senior Member, joined since
  • Contributed 713 posts on the community forums.
  • Started 43 threads in the forums
answered
Senior Member

Sweet :)
0 replies
M
muscapaul
M
Paul

Time flies like an arrow, fruit flies like banana (Groucho Marx)

Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
  • Veteran Member, joined since
  • Contributed 1,075 posts on the community forums.
  • Started 8 threads in the forums
answered
Veteran Member

Both were run and did not yield anything. I guess it may be necessary to check if other files are present (php files in either attachments or avatars). One user account in the name of a known hacker was found (including a known email address) and the member was banned. A blacklist was created to reduce the chances of the culprit returning.
0 replies
2
2old
2
2old 10
  • Member, joined since
  • Contributed 89 posts on the community forums.
  • Started 6 threads in the forums
answered
Member

Also don't rule out the possibility that php-fusion was not the method of entry.

Without posting details, there are methods to drop a couple of files into any folder that is chmod 777. They gain access to cpanel and ftp - cpanel being the worse as once they gain access to phpmyadmin or similar, the fusion db can be altered and they are into your cms as super admin.

Let's hope that Digi's infusions find something and you can knock this hack on the head once and for all.
0 replies
K
Komanci
K
  • Newbie, joined since
  • Contributed 1 post on the community forums.
answered
Newbie

http://www.securityfocus.com/archive/1/438938/30/0/threaded

B)B)B)B)
0 replies
D
Danish1977
D
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
  • Member, joined since
  • Contributed 76 posts on the community forums.
  • Started 10 threads in the forums
answered
Member

Quote

Trix wrote:
G'day All,

Just letting you know PHPFusion Australia has been hacked for the 3rd time. I'm up to date with every bit of code, including the latest critical release. I'm not sure how they are doing it but PHPFusion Australia has been hacked again, with a news post. Any help with to how this is been done would be great. Until I'm satisfied with the security of the site, it will remain closed.

:(


Let me guess.
You got hacked a cpl of days ago, prolly a belgian IP address, defacing the main page with a black screen, showing the turkish flag.?

A known guy is around and pretty much known, several Email addresses and nicks are known.

What happened was, if you ask me, a little piece of scrit in a jpg image called bb.jpg probably...was with me.

With that little "image-scripting" he stole your cookie after you clicked his image after recieving a PM that his avatar was broken. That executes the script and bingo, he got the logon for your account if cookies are ON.
After that, he could just log in EVEN after you upgrading, and make a nice news...

What i mean is, it's leftovers from first hack attempt, and you have no need to worry for now, no other exploits are known as of right now, so if updated, just make a new password that you haven't used anywhere else, that'll keep him off your back for now i think.

Also this thread got our earlier exploit:
http://www.securityfocus.com/archive/...e/1/433277
Edited by Danish1977 on 05-07-2006 14:52,
0 replies

Category Forum

General Discussion

Labels

None yet

Statistics

  • Views 0 views
  • Posts 15 posts
  • Votes 0 votes
  • Topic users 11 members

11 participants

F
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
B
B
bbene 10
Ben Benesh
Support Team Member
  • Member, joined since
  • Contributed 74 posts on the community forums.
  • Started 1 thread in the forums
M
M
Paul

Time flies like an arrow, fruit flies like banana (Groucho Marx)

Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
  • Veteran Member, joined since
  • Contributed 1,075 posts on the community forums.
  • Started 8 threads in the forums
K
K
Ken 10
No Support by PM. Please use the forum.
  • Senior Member, joined since
  • Contributed 713 posts on the community forums.
  • Started 43 threads in the forums
D
D
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
  • Member, joined since
  • Contributed 76 posts on the community forums.
  • Started 10 threads in the forums
I
I
iunruh 10
  • Member, joined since
  • Contributed 148 posts on the community forums.
  • Started 15 threads in the forums
K
K
kejonn 10
  • Member, joined since
  • Contributed 160 posts on the community forums.
  • Started 16 threads in the forums
T
T
Trix 10
  • Junior Member, joined since
  • Contributed 44 posts on the community forums.
  • Started 18 threads in the forums
  • Started this discussions
2
2
2old 10
  • Member, joined since
  • Contributed 89 posts on the community forums.
  • Started 6 threads in the forums
F
F
Funk 10
  • Newbie, joined since
  • Contributed 3 posts on the community forums.
K
K
  • Newbie, joined since
  • Contributed 1 post on the community forums.

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet