Jump to content

HACKED** MY SITE REDIRECTS TO THE CHURCH OF SATAN... I NEED TO FIX ASAP!!


moneymic313

Recommended Posts

Open the source in each of your directories a few files at a time and use your editor's "Search in Files" feature for the redirected URL.  If it doesn't turn up look for calls to the function header.

Can we rule out .htaccess redirection because the initial page loads?  I don't know enough about web servers to make that call.
Link to comment
Share on other sites

[quote author=thorpe link=topic=110382.msg446087#msg446087 date=1159892617]
[quote]I'm using firefox and it redirected me.[/quote]

Well Im in Linux so Ive got no flash. Any chance the redirect may be occuring in your flash stuff?
[/quote]
Bingo! That also occured to me so I did a quick search for ".swf" and found this:
http://www.detroithiphop.com/images/mainpage/dhh.swf

I opened it in hex view found the link "http://www.churchofsatan.com" redirecting to "_parent". Simply remove it and your page should be back to normal. :)

[EDIT] [s]Also, check for other ".swf"'s I didn't get around to that as you changed the page to a blank one.[/s]
Link to comment
Share on other sites

Now the more powerful part of the question, how to prevent this from happening again?

I have been very fortunate to not have had this problem yet, but it lurks ominously in the shadows as a very real possibility. The problem is compounded by the fact that no one wants to publicly post how to test your website because some idiot will inevitably use the information to break someone else's. So, the question persists: how do you ensure your website is relatively hacker resistant?
Link to comment
Share on other sites

Thank you everyone who helped with this... Honestly that was a fabricated .swf file that I did not even create or use..

So is this just changing and making my login info different and harder to figure out or is it more than that..??


Unfortunately though there is another issue on my side.. All of the links in my links section have been changed to the same url www.churchofsatan.com.. This is obviously a little different issue that I am sure is not quite as easy to fix...

If anyone has any suggestions on that as well please let me know..


Once again thank you all..
Link to comment
Share on other sites

Is this even a PHP issue? I'm thinking if someone placed a SWF file on the server, they had ftp access at the very least. So, how do you protect against that?

[quote author=FrOzeN link=topic=110382.msg446115#msg446115 date=1159894157]
A start would be to have a look over http://phpsec.org/projects/guide/ and see if any of the risks relate to your code.
[/quote]
Link to comment
Share on other sites

[quote author=michaellunsford link=topic=110382.msg446124#msg446124 date=1159894889]
Is this even a PHP issue? I'm thinking if someone placed a SWF file on the server, they had ftp access at the very least. So, how do you protect against that?
[/quote]
Not sure. But it seems to be back, so either the hacker just re-added it (unlikely), or there is some form of script that put the file back, which could be a php script. It'd be best just to go over all these factors so you can determine how it happened.

If you have a CPanel, or something similar. Check the ftp logs to see if someone actually uploaded the .swf file.
Link to comment
Share on other sites

If it is PHP doing the deed, you might use your ftp program's synchronize feature to see what files are different on the server than on your local machine. That might help find the offending code (since it's probably buried inside an existing PHP page someplace).

Please report back what you find, if anything. I'd also enlist the ISP help. It is highly likely that anyone with the wherewithal to get into your domain would also be able to cover their tracks, but it's worth a look.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.