Jump to content

Hacked by K@lem?


Stormgaard

Recommended Posts

I run a WoW/Gaming guild website and woke up to find we'd been hacked by [b]"Turkish Hacker K@lem"[/b] (whoever the f*ck that is).  Anyways, I did a quick Google search on "K@lem" and found that he's hit other fantasy/gaming sites before - there are a lot of cached pages out there with examples of his work.

Anyone know how to fix the damage he causes?

Here's our site: http://www.se7ensamurai.com
Link to comment
Share on other sites

I don't know how your site is supposed to look. But I think it's just the title that has been changed, and a news item has been posted on the front page.

[b]Edit:[/b] I found this in the source code:
[code]<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/">[/code] three times after each other. Remove it in the skin and it will be fixed.
Link to comment
Share on other sites

No it's a redirect exploit.. Look in your php-nuke, near the footer of the whole site, you will see 3 lines.

[code]<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>
<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>
<meta http-equiv="refresh" content="10;URL=http://serseri_2784.sitemynet.com/hacked/"> </head><br>[/code]

That right there is what redirects you. I'm guessing he got access to an admin account and posted a custom footer with that info.


Hes basically a script kiddy, because any real "hacker" would just totally delete the php-nuke install and upload his own index.html/php  ;D
Link to comment
Share on other sites

I was thinking I could just delete the news item, but he's somehow made it that I can't access the admin module.  I type in my username and password and once I hit enter it just refreshes all over again, asking for my username and password again.
Link to comment
Share on other sites

I would contact my host if I were you. They might possibly be able to tell when the last time your site was accessed via ftp then cross reference that with any web static software that you may have like webalizer or urchin. If so you can get there IP address and report them to there ISP.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.