Jump to content

Archived

This topic is now archived and is closed to further replies.

moneymic313

HACKED** MY SITE REDIRECTS TO THE CHURCH OF SATAN... I NEED TO FIX ASAP!!

Recommended Posts

Please go to my page and tell me how to remove the auto redirect that somehow is on my site...???

http://www.detroithiphop.com/aindex.php


any help you can provide please do so... And how did this happen and what can I do to avoid this in the future???


thank you..

MM

Share this post


Link to post
Share on other sites
Im thinking this is spam, I dont see any redirect. Anyone else? Of course hip hope could quite easily be classed as [i]church of satan[/i].

Share this post


Link to post
Share on other sites
[quote author=thorpe link=topic=110382.msg446064#msg446064 date=1159891738]
Im thinking this is spam, I dont see any redirect. Anyone else? Of course hip hope could quite easily be classed as [i]church of satan[/i].
[/quote]

I am getting redirected.

Share this post


Link to post
Share on other sites
That is the problem ... not sure where this is coming from.. it is nowhere to be found on my aindex.php file..

Please advise..


MM

Share this post


Link to post
Share on other sites
This is not spam thorpe. As I am being redirected to the hell site. If I click the stop button in time I am not redirected. It only seems your index page is being affected. I can browser oither pages without being redirected.

Share this post


Link to post
Share on other sites
[quote]This is not spam thorpe.[/quote]

Ok.... soz. Its not redirecting in firefox.

Share this post


Link to post
Share on other sites
Open the source in each of your directories a few files at a time and use your editor's "Search in Files" feature for the redirected URL.  If it doesn't turn up look for calls to the function header.

Can we rule out .htaccess redirection because the initial page loads?  I don't know enough about web servers to make that call.

Share this post


Link to post
Share on other sites
Also, I loaded the page and had to hit stop.  I didn't find any javascript causing the redirect in the source I received, but that doesn't mean it doesn't exist somewhere at the very bottom of the page.

Share this post


Link to post
Share on other sites
fyi I actually renamed an old aindex.php file from a few months ago to the main aindex.php and replaced it and it still redirected me..

I did a search on the entire aindex.php file for satan and churchofsatan and www.churchofsatan.com and nothing showed up..

Share this post


Link to post
Share on other sites
[quote author=thorpe link=topic=110382.msg446073#msg446073 date=1159892180]
[quote]This is not spam thorpe.[/quote]

Ok.... soz. Its not redirecting in firefox.
[/quote]

I'm using firefox and it redirected me.

Share this post


Link to post
Share on other sites
[quote]I'm using firefox and it redirected me.[/quote]

Well Im in Linux so Ive got no flash. Any chance the redirect may be occuring in your flash stuff?

Share this post


Link to post
Share on other sites
replace your index page with another blank page named index to make 100% sure there is nothing in the code. I don't think there is but this will make sure.

Share this post


Link to post
Share on other sites
i replaced the aindex.php with a blank file and nothing happened.. No redirect.. So it is in the aindex.php I assume???

Share this post


Link to post
Share on other sites
[quote author=thorpe link=topic=110382.msg446087#msg446087 date=1159892617]
[quote]I'm using firefox and it redirected me.[/quote]

Well Im in Linux so Ive got no flash. Any chance the redirect may be occuring in your flash stuff?
[/quote]
Bingo! That also occured to me so I did a quick search for ".swf" and found this:
http://www.detroithiphop.com/images/mainpage/dhh.swf

I opened it in hex view found the link "http://www.churchofsatan.com" redirecting to "_parent". Simply remove it and your page should be back to normal. :)

[EDIT] [s]Also, check for other ".swf"'s I didn't get around to that as you changed the page to a blank one.[/s]

Share this post


Link to post
Share on other sites
Don't worry as all you need to do is delete the file "/images/mainpage/dhh.swf", and remove the code:
[code]<embed src="/images/mainpage/dhh.swf" hidden="true">[/code]

--
I did a check on the other .swf files, it's the only offending one.

Share this post


Link to post
Share on other sites
Now the more powerful part of the question, how to prevent this from happening again?

I have been very fortunate to not have had this problem yet, but it lurks ominously in the shadows as a very real possibility. The problem is compounded by the fact that no one wants to publicly post how to test your website because some idiot will inevitably use the information to break someone else's. So, the question persists: how do you ensure your website is relatively hacker resistant?

Share this post


Link to post
Share on other sites
A start would be to have a look over http://phpsec.org/projects/guide/ and see if any of the risks relate to your code.

Share this post


Link to post
Share on other sites
Thank you everyone who helped with this... Honestly that was a fabricated .swf file that I did not even create or use..

So is this just changing and making my login info different and harder to figure out or is it more than that..??


Unfortunately though there is another issue on my side.. All of the links in my links section have been changed to the same url www.churchofsatan.com.. This is obviously a little different issue that I am sure is not quite as easy to fix...

If anyone has any suggestions on that as well please let me know..


Once again thank you all..

Share this post


Link to post
Share on other sites
Is this even a PHP issue? I'm thinking if someone placed a SWF file on the server, they had ftp access at the very least. So, how do you protect against that?

[quote author=FrOzeN link=topic=110382.msg446115#msg446115 date=1159894157]
A start would be to have a look over http://phpsec.org/projects/guide/ and see if any of the risks relate to your code.
[/quote]

Share this post


Link to post
Share on other sites
[quote author=michaellunsford link=topic=110382.msg446124#msg446124 date=1159894889]
Is this even a PHP issue? I'm thinking if someone placed a SWF file on the server, they had ftp access at the very least. So, how do you protect against that?
[/quote]
Not sure. But it seems to be back, so either the hacker just re-added it (unlikely), or there is some form of script that put the file back, which could be a php script. It'd be best just to go over all these factors so you can determine how it happened.

If you have a CPanel, or something similar. Check the ftp logs to see if someone actually uploaded the .swf file.

Share this post


Link to post
Share on other sites
If it is PHP doing the deed, you might use your ftp program's synchronize feature to see what files are different on the server than on your local machine. That might help find the offending code (since it's probably buried inside an existing PHP page someplace).

Please report back what you find, if anything. I'd also enlist the ISP help. It is highly likely that anyone with the wherewithal to get into your domain would also be able to cover their tracks, but it's worth a look.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.