HACKED** MY SITE REDIRECTS TO THE CHURCH OF SATAN... I NEED TO FIX ASAP!!
Posted 03 October 2006 - 04:49 PM
Posted 03 October 2006 - 04:54 PM
So is this just changing and making my login info different and harder to figure out or is it more than that..??
Unfortunately though there is another issue on my side.. All of the links in my links section have been changed to the same url www.churchofsatan.com.. This is obviously a little different issue that I am sure is not quite as easy to fix...
If anyone has any suggestions on that as well please let me know..
Once again thank you all..
Posted 03 October 2006 - 05:01 PM
A start would be to have a look over http://phpsec.org/projects/guide/ and see if any of the risks relate to your code.
Posted 03 October 2006 - 05:18 PM
Not sure. But it seems to be back, so either the hacker just re-added it (unlikely), or there is some form of script that put the file back, which could be a php script. It'd be best just to go over all these factors so you can determine how it happened.
Is this even a PHP issue? I'm thinking if someone placed a SWF file on the server, they had ftp access at the very least. So, how do you protect against that?
If you have a CPanel, or something similar. Check the ftp logs to see if someone actually uploaded the .swf file.
Posted 03 October 2006 - 05:30 PM
Please report back what you find, if anything. I'd also enlist the ISP help. It is highly likely that anyone with the wherewithal to get into your domain would also be able to cover their tracks, but it's worth a look.
Posted 03 October 2006 - 05:52 PM
So I just redirected the intro page to point to a different page until I figure this out...
Posted 03 October 2006 - 05:55 PM
SMF Developer && Converter Specialist
Posted 03 October 2006 - 06:02 PM
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community
Posted 03 October 2006 - 06:06 PM
Posted 03 October 2006 - 06:12 PM
Here is Symantec's description of the threat..
"Opens a back door that allows the attacker to have unauthorized remote access to the compromised computer"
but I still havent found the file that is redirecting them back to that damn site...
Posted 03 October 2006 - 06:15 PM
SMF Developer && Converter Specialist
Posted 03 October 2006 - 06:21 PM
Posted 03 October 2006 - 06:23 PM
First change all of your passwords (mentioned by Daniel0).
If you're connecting from the local coffee house, anyone there has the ability to see your login and password. Check with your host and see if they permit SFTP and how to configure it. If they don't permit it, you might want to switch hosts.
If you're on a shared hosting solution, you can also ask your ISP to switch your server.
and whatever you do, DON'T post the contents of that file here. the last thing we want is to train someone else how to install a root kit.
Posted 03 October 2006 - 06:29 PM
Now the more powerful part of the question, how to prevent this from happening again?
I have been very fortunate to not have had this problem yet, but it lurks ominously in the shadows as a very real possibility. The problem is compounded by the fact that no one wants to publicly post how to test your website because some idiot will inevitably use the information to break someone else's. So, the question persists: how do you ensure your website is relatively hacker resistant?
Developer Fusion has several nice articles on security..
I don't think that this was your problem but here is an article on Sql Insertion
Posted 03 October 2006 - 06:31 PM
There is no dhh.swf file viewable in the images/mainpage/ hmm..
I have already removed it once but the first time I saw it plain as day.. Now it is not visible..
I would never post the contents.. but do you think the backdoor file might have been how they were getting in???
I intend to change all passwords...
Posted 03 October 2006 - 06:36 PM
So I have deleted the back door php file from the server.. deleted the dhh.swf file from the server and I am going to change my passwords right now..
I guess we can see if this all works.. If not there has got to be some sore of script recreating this file...
Posted 03 October 2006 - 06:41 PM
Nothing may be a word in any dictionary forward or backwards. Nothing may be ralted to you (birthday etc.).
Posted 03 October 2006 - 06:42 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users