my site hacked by hacke and they put one file in my server
here is this file address
http://www.dadhor.ir/phpwcms_filestorage/index.php
the phpwcms_filestorege directory has CHMOD 777 i think hacker use this for puting file in this directory i still dont delete this file
are you have any idea about problem?
thank alot
my site hacked by hacker
Hi babamjan,
----------------------------------------------
1. See above Important!!!! And do it please.
2. Easy Username and PW?
3. Setup-Folder?
4. Easy FTP-User and PW?
5. Easy myphpAdmin-folder User and PW?
6. Trojaner/Sniffer at you client?
---------------------------------------------------
1. Scan your client. adaware ........
2. Rename FTP User/PW
3. Move all root files to your local disk. (index.php phpwcms.php ......)
The site isn´t accessible after this.
4. Rename all User/PW of DB, phpmyAdmin.
5. MAke a complete backup to your local HD.
5. If you have a normaly installation without hacks/mods, please kill all files and folders. Without the files from the folder phpwcms_filestorage.
There may not exist files including the extend "php" or "js". Please kill them all.
6. New and clean installation without a new DB. -> Don´t use the setup prg. Copy all files from your installation base to your server without the folder "phpwcms_code_snippets"!!!!!. http://www.phpwcms-docu.de/installation_en.phtml
Copy your old conf.inc.php to your server and edit the new User/PW for the DB.
That´s all.
Gruß
Quick and dirty help:O.G. wrote:sorry to inform you on this way. A possible security problem existis if you have "phpwcms_code_snippets" installed on your web server too.
Please! Remove "phpwcms_code_snippets" immediately! This is very important.
"phpwcms_code_snippets" is not used within phpwcms and only contains some code samples.
By the way - also check you have removed or renamed the "setup" folder.
----------------------------------------------
1. See above Important!!!! And do it please.
2. Easy Username and PW?
3. Setup-Folder?
4. Easy FTP-User and PW?
5. Easy myphpAdmin-folder User and PW?
6. Trojaner/Sniffer at you client?
---------------------------------------------------
1. Scan your client. adaware ........
2. Rename FTP User/PW
3. Move all root files to your local disk. (index.php phpwcms.php ......)
The site isn´t accessible after this.
4. Rename all User/PW of DB, phpmyAdmin.
5. MAke a complete backup to your local HD.
5. If you have a normaly installation without hacks/mods, please kill all files and folders. Without the files from the folder phpwcms_filestorage.
There may not exist files including the extend "php" or "js". Please kill them all.
6. New and clean installation without a new DB. -> Don´t use the setup prg. Copy all files from your installation base to your server without the folder "phpwcms_code_snippets"!!!!!. http://www.phpwcms-docu.de/installation_en.phtml
Copy your old conf.inc.php to your server and edit the new User/PW for the DB.
That´s all.
Gruß
>> HowTo | DOCU | FAQ | TEMPLATES/DOCS << ( SITE )