I Been HACKED!!
Asked Modified Viewed 3,224 times
asked
But I got the site back up.
Now I'm trying to find out how they did it and prevent it from happeing again.
From what I can tell a scirt renamed all the index.htm/html/php files on my server. I could not even get to Control panel.
I replace those got half the site backup but not my Fusion part. Found out they replaced the maincore.php file. Reupload that file and all is good. Here is what there file had in it
I had image shack remove there image. Any one have any ideas how they got in?
Now I'm trying to find out how they did it and prevent it from happeing again.
From what I can tell a scirt renamed all the index.htm/html/php files on my server. I could not even get to Control panel.
I replace those got half the site backup but not my Fusion part. Found out they replaced the maincore.php file. Reupload that file and all is good. Here is what there file had in it
Code Download source
<html> <head> <meta http-equiv="Content-Language" content="tr"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>HACKED BY WORLDHACKERZ.ORG</title> </head> <body text="#FF0000" bgcolor="#000000"> <p align="center"><b><font face="Century Gothic" size="6" color="#FFFFFF"> WorldHackerz [ dot ] oRg</font><font face="Century Gothic" size="6" color="#FFFF00"><br> <br> </font><font face="Century Gothic" size="6" color="#008000">HACKED!<br> </font></b><img src="http://img293.imageshack.us/img293/6889/defacevz0.jpg"><b><font face="Century Gothic" size="6" color="#008000"><br> </font><font face="Century Gothic" size="4" color="#FFFFFF">TeaM - OrJiNaLDeLi ! - AhmetFeneR - Hack3r_e - Pisko - S3RD4R-X<br> <br> This Web Page Hacked!</font></b></p> </body> </html> I had image shack remove there image. Any one have any ideas how they got in?
answered
You can't rename the Files from Inside PHPFusion unless you set CHMOD 777 to all of them. So it is more likely that either your host's server or your ftp account was compromised.
pher-d
pher-d 10
www.phpfusion-tr.com
PHP Fusion TransFusion Official Turkish Translator
PHP Fusion Turkey Official Support Site Administrator
PHP Fusion Official Crew Member
PHP Fusion TransFusion Official Turkish Translator
PHP Fusion Turkey Official Support Site Administrator
PHP Fusion Official Crew Member
- Member, joined since
- Contributed 113 posts on the community forums.
- Started 3 threads in the forums
what is your fusion version?
answered
I'm using v6.01.4 I did do an upgrade not too long ago but I'm not sure it was the lastest v6.01.5 I don't know if that shows up at the bottom.
It could have been the server, just makin sure
It could have been the server, just makin sure
answered
http://static.flickr.com/88/277351557...2c.jpg?v=0
Here is a Screen Cap
Ok, I replaced All the index files I could fine, but I still do not have a Menu in the Admin section. Can any one tell me what file I need to replace? I also have this at the top of Forums too.
Here is a Screen Cap
Ok, I replaced All the index files I could fine, but I still do not have a Menu in the Admin section. Can any one tell me what file I need to replace? I also have this at the top of Forums too.
Edited by amigaice on 23-10-2006 17:21,
answered
navigation.php in the administration folder is what you need
Also check your administration/index.php file in case you didn't or missed it.
Falk
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
check the locale files
I had the same problem when the whole server and all sites hosted there been atacked. Reupload following files:
administration:
index.php
navigation.php
settings_forum.php
settings_main.php
settings_links.php
settings_messages.php
settings_misc.php
settings_photo.php
settings_registration.php
settings_time.php
subheader.php
Hackers trying to replace all files which name contains word(s)
settings or main or both of them.
And of course all index.php files in all folders.
---
administration:
index.php
navigation.php
settings_forum.php
settings_main.php
settings_links.php
settings_messages.php
settings_misc.php
settings_photo.php
settings_registration.php
settings_time.php
subheader.php
Hackers trying to replace all files which name contains word(s)
settings or main or both of them.
And of course all index.php files in all folders.
---
answered
Thanks guys, you been a big help.
answered
Got It! It was in the local dir. Replace main.php in admin and forums.
answered
log to to your site host,
go to Mysql managment,
in there go to the Adminster you may have to login there.
when the list of the files comes up look for Fusion_users.
click on Fusion_users,
click on Browse.
look for the hacker's IP number.
copy and paste the number in notepad.
getout of Mysql
add this to your .htaccess with the hacker's IP like this
go to Mysql managment,
in there go to the Adminster you may have to login there.
when the list of the files comes up look for Fusion_users.
click on Fusion_users,
click on Browse.
look for the hacker's IP number.
copy and paste the number in notepad.
getout of Mysql
add this to your .htaccess with the hacker's IP like this
Code Download source
# Begin IP blocking #
Order Allow,Deny
Deny from 213.252.221
Allow from all
# End IP blocking #Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 11 posts
- Votes 0 votes
- Topic users 8 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions