Jump to content


Photo

HACKED** MY SITE REDIRECTS TO THE CHURCH OF SATAN... I NEED TO FIX ASAP!!


  • Please log in to reply
48 replies to this topic

#1 moneymic313

moneymic313
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 03 October 2006 - 04:04 PM

Please go to my page and tell me how to remove the auto redirect that somehow is on my site...???

http://www.detroithi....com/aindex.php


any help you can provide please do so... And how did this happen and what can I do to avoid this in the future???


thank you..

MM

#2 wwfc_barmy_army

wwfc_barmy_army
  • Members
  • PipPipPip
  • Advanced Member
  • 320 posts

Posted 03 October 2006 - 04:07 PM

Try posting the code for the index page so we can check it out.

#3 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 03 October 2006 - 04:08 PM

Im thinking this is spam, I dont see any redirect. Anyone else? Of course hip hope could quite easily be classed as church of satan.

#4 wwfc_barmy_army

wwfc_barmy_army
  • Members
  • PipPipPip
  • Advanced Member
  • 320 posts

Posted 03 October 2006 - 04:09 PM

Im thinking this is spam, I dont see any redirect. Anyone else? Of course hip hope could quite easily be classed as church of satan.


I am getting redirected.

#5 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 03 October 2006 - 04:10 PM

i didn't fancy going to prey at the church of satan anyway.

#6 moneymic313

moneymic313
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 03 October 2006 - 04:10 PM

That is the problem ... not sure where this is coming from.. it is nowhere to be found on my aindex.php file..

Please advise..


MM

#7 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 03 October 2006 - 04:13 PM

This is not spam thorpe. As I am being redirected to the hell site. If I click the stop button in time I am not redirected. It only seems your index page is being affected. I can browser oither pages without being redirected.

#8 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 03 October 2006 - 04:16 PM

This is not spam thorpe.


Ok.... soz. Its not redirecting in firefox.

#9 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 03 October 2006 - 04:16 PM

Open the source in each of your directories a few files at a time and use your editor's "Search in Files" feature for the redirected URL.  If it doesn't turn up look for calls to the function header.

Can we rule out .htaccess redirection because the initial page loads?  I don't know enough about web servers to make that call.
PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#10 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 03 October 2006 - 04:17 PM

Also, I loaded the page and had to hit stop.  I didn't find any javascript causing the redirect in the source I received, but that doesn't mean it doesn't exist somewhere at the very bottom of the page.
PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#11 moneymic313

moneymic313
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 03 October 2006 - 04:19 PM

fyi I actually renamed an old aindex.php file from a few months ago to the main aindex.php and replaced it and it still redirected me..

I did a search on the entire aindex.php file for satan and churchofsatan and www.churchofsatan.com and nothing showed up..



#12 wwfc_barmy_army

wwfc_barmy_army
  • Members
  • PipPipPip
  • Advanced Member
  • 320 posts

Posted 03 October 2006 - 04:20 PM

This is not spam thorpe.


Ok.... soz. Its not redirecting in firefox.


I'm using firefox and it redirected me.

#13 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 03 October 2006 - 04:23 PM

I disabled javascript in my firefox browser using the dev toolbar and it still diverted me

#14 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 03 October 2006 - 04:23 PM

I'm using firefox and it redirected me.


Well Im in Linux so Ive got no flash. Any chance the redirect may be occuring in your flash stuff?

#15 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 03 October 2006 - 04:28 PM

replace your index page with another blank page named index to make 100% sure there is nothing in the code. I don't think there is but this will make sure.

#16 moneymic313

moneymic313
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 03 October 2006 - 04:32 PM

i replaced the aindex.php with a blank file and nothing happened.. No redirect.. So it is in the aindex.php I assume???



#17 FrOzeN

FrOzeN
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 03 October 2006 - 04:33 PM

I'm using firefox and it redirected me.


Well Im in Linux so Ive got no flash. Any chance the redirect may be occuring in your flash stuff?

Bingo! That also occured to me so I did a quick search for ".swf" and found this:


I opened it in hex view found the link "http://www.churchofsatan.com" redirecting to "_parent". Simply remove it and your page should be back to normal. :)

[EDIT] Also, check for other ".swf"'s I didn't get around to that as you changed the page to a blank one.

#18 moneymic313

moneymic313
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 03 October 2006 - 04:36 PM

how do I view .swf in hex view???

#19 FrOzeN

FrOzeN
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 03 October 2006 - 04:38 PM

Don't worry as all you need to do is delete the file "/images/mainpage/dhh.swf", and remove the code:
<embed src="/images/mainpage/dhh.swf" hidden="true">

--
I did a check on the other .swf files, it's the only offending one.

#20 michaellunsford

michaellunsford
  • Members
  • PipPipPip
  • Advanced Member
  • 1,023 posts
  • LocationLouisiana, USA

Posted 03 October 2006 - 04:40 PM

Now the more powerful part of the question, how to prevent this from happening again?

I have been very fortunate to not have had this problem yet, but it lurks ominously in the shadows as a very real possibility. The problem is compounded by the fact that no one wants to publicly post how to test your website because some idiot will inevitably use the information to break someone else's. So, the question persists: how do you ensure your website is relatively hacker resistant?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users