HELP! I WAS HACKED!
I'm using version 1.3.3 and there's no current info about security alerts for this version. How do I prevent being hacked again???!!!???
This is what I know:
They added an index.html page to supersede the index.php and in the config folder they added an images folder and a hacker.htm file. The site said "YOU HAVE BEEN HACKED BY DRACULA" with a picture of a skull and cross bones then "Hacked by dracula hacker."
I don't know enough about php to prevent this from happening again but I'd think others would want to know so it can be prevented for everyone else.
Please help me fix it and if you need more information let me know what.
Thanks!
Hi,
I don't know about a sec. hole in V1.3.3.
- All setup folders are gone? (and e.g. /include/inc_module/mod_glossary/setup/* too?).
- If you use plesk8.x, have you inserted the last sec. patch?
- Is this a virtual server? (Cross scripting)
- Other script running on this account?
- safe_mode ON? (Only for using ImageMagick to Off)
- register_globals Off?
>> HowTo | DOCU | FAQ | TEMPLATES/DOCS << ( SITE )
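Added example (not part of the original thread, and not phpwcms code): a read-only Python scan of a web root for the items raised above, namely leftover setup folders, a static index page beside index.php, and HTML files or an images folder inside config/. The function names and finding labels are hypothetical, and the assumption that config/ normally holds only PHP configuration files should be checked against a clean copy of the release; findings are things to review, not proof of compromise.

```python
import os
import sys
import tempfile

def audit_webroot(root):
    """Return sorted (kind, relative path) findings to review by hand."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == "." else rel.split(os.sep)
        rel_path = lambda name: "/".join(parts + [name])
        # Installer folders that should be gone after installation,
        # including per-module ones such as mod_glossary/setup.
        for d in dirnames:
            if d.lower() == "setup":
                findings.append(("leftover-setup-dir", rel_path(d)))
        # A static index page beside index.php: depending on the server's
        # DirectoryIndex order it can be served instead of the CMS.
        if "index.php" in {f.lower() for f in filenames}:
            for f in filenames:
                if f.lower() in ("index.html", "index.htm"):
                    findings.append(("index-shadows-php", rel_path(f)))
        # Assumption: config/ holds only PHP configuration files, so HTML
        # pages or an images folder there deserve a look.
        if parts and parts[0] == "config":
            for f in filenames:
                if f.lower().endswith((".htm", ".html")):
                    findings.append(("html-in-config", rel_path(f)))
            for d in dirnames:
                if d.lower() == "images":
                    findings.append(("images-dir-in-config", rel_path(d)))
    return sorted(findings)

def build_constructed_sample(root):
    """Constructed tree mirroring the files described in this thread."""
    for d in ("config/images", "config/phpwcms",
              "include/inc_module/mod_glossary/setup"):
        os.makedirs(os.path.join(root, d))
    for f in ("index.php", "index.html", "config/hacker.htm",
              "config/phpwcms/conf.inc.php"):
        open(os.path.join(root, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        if target == tmp:
            build_constructed_sample(tmp)
        for kind, path in audit_webroot(target):
            print(f"{kind}\t{path}")
```

Run it with the web root as the only argument; with no argument it scans the constructed sample tree.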
cms backend -> phpinfo
Where do I check safemode?
Where do i check register globals?
I don't know "lunarpages".
plesk is a provider backend software.
Have a look into the apache log files if you can.
http://www.lunarpages.com
i'll check phpinfo
i can look at raw logs. is this right? what am i looking for in the log files?
OK I found a file called act_phpinfo.php it has this:
Code:
<?php
// session_name('hashID');
session_start();
$phpwcms = array();
// Load the site configuration and the backend libraries
require_once ('../../config/phpwcms/conf.inc.php');
require_once ('../inc_lib/default.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/general.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/checklogin.inc.php');
if($_SESSION["wcs_user_admin"] == 1) { // If the user has admin rights
    phpinfo();
}
Then I thought maybe you meant PHP info as part of my hosting so I looked for something there but didn't see anything that looked right.
phpinfo()
-> login cms backend -> admin -> phpinfo() (At the lower-left corner of the page).
Or use this in a file at your cms root
<?php phpinfo(); ?>
- Please switch safe mode to On if you don't use ImageMagick.
- Please reorganize your passwords (FTP, cms, provider backend ....)
Don't use firstnames, birthdays .... - better use a combination like e.g. xZ33-be08
- http folder listing at your account is switched to off?
- Did you use a contact form?
- http://25yearsofprogramming.com/blog/20070705.htm
I think it isn't a cms problem.
Knut
Last edited by flip-flop on Fri 21. Sep 2007, 07:32, edited 2 times in total.
- Oliver Georgi
- Site Admin
- Posts: 9907
- Joined: Fri 3. Oct 2003, 22:22
- Contact:
It seems Lunarpages has problems in general: Have a look at this
Normally phpwcms is (should be) safe - and I have not heard of any other hacked 1.3.3.
Oliver
Unfortunately when I contacted LunarPages about the problem they just wanted to say there was a vulnerability in PHPWCMS and didn't offer any help beyond that.
My first thought was that if there were a problem with the hosting security they'd never admit it to me and I'd have no way to prove it.
Where do I set the safemode to on?
I'll change all my passwords
http folder listing switched to off is something i'm not knowledgeable about. How do I know and how do I switch it?
Yes there is a contact form
THANK YOU!
- Oliver Georgi
- Site Admin
If they say phpwcms has vulnerability problems - ask them which exactly.
If they offer Fantastico - hey - this might be the case. phpwcms in Fantastico is not supported. But phpwcms 1.3.3 is - as far I know - not part of Fantastico.
I think you have no chance to change safe_mode or directory listing - ask your admin how to do that. Because these are general things - try Google.
Oliver
@ Oliver: I still don't understand ...
Oliver Georgi wrote:... If they offer Fantastico - hey - this might be the case. phpwcms in Fantastico is not supported. But phpwcms 1.3.3 is - as far I know - not part of Fantastico ...
why Netenberg.com (Fantastico) still offers this old PhpWCMS version (1.1-RC4 Rev. A)
This sure doesn't help very much
Cheers,
Yves
PhpWCMS Evangelist, -- iRoutier.com Running phpWCMS 1.4.2, r354 -> Great Version!!!!