Jump to content

Hacked by K@lem?

Stormgaard

By Stormgaard
in PHP Coding Help

 Share

Recommended Posts

Stormgaard Newbie

Stormgaard

Posted
Posted
I run a WoW/Gaming guild website and woke up to find we'd been hacked by [b]"Turkish Hacker K@lem"[/b] (whoever the f*ck that is).  Anyways, I did a quick Google search on "K@lem" and found that he's hit other fantasy/gaming sites before - there are a lot of cached pages out there with examples of his work.

Anyone know how to fix the damage he causes?

Here's our site: http://www.se7ensamurai.com
Link to comment
https://forums.phpfreaks.com/topic/14026-hacked-by-klem/
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted
I don't know how your site is supposed to look. But I think it's just the title that has been changed, and a news item has been posted on the front page.

[b]Edit:[/b] I found this in the source code:
[code]<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/">[/code] three times after each other. Remove it in the skin and it will be fixed.
Link to comment
https://forums.phpfreaks.com/topic/14026-hacked-by-klem/#findComment-54780
Share on other sites
Prismatic Member

Prismatic

Posted
Posted
No it's a redirect exploit.. Look in your php-nuke, near the footer of the whole site, you will see 3 lines.

[code]<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>
<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>
<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>[/code]

That right there is what redirects you. I'm guessing he got access to an admin account and posted a custom footer with that info.


Hes basically a script kiddy, because any real "hacker" would just totally delete the php-nuke install and upload his own index.html/php  ;D
Link to comment
https://forums.phpfreaks.com/topic/14026-hacked-by-klem/#findComment-54781
Share on other sites
tomfmason Advanced Member

tomfmason

Posted
Posted
I would contact my host if I were you. They might possibly be able to tell when the last time your site was accessed via ftp then cross reference that with any web static software that you may have like webalizer or urchin. If so you can get there IP address and report them to there ISP.
Link to comment
https://forums.phpfreaks.com/topic/14026-hacked-by-klem/#findComment-54790
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.