
been hacked.


desithugg


Umm, I came home at lunch time from school today and was checking out my website when I saw this hacked page, saying how I've been hacked by some team. Nothing was deleted, lost or even touched. The only thing is whenever I try to go to a file with a .php extension it shows me a hacked page. I did change all my passwords immediately but I'm not sure how to get rid of that hacked page problem.

http://pcaworld.net/site.php?who=saad430

You might have to refresh when you're there to see the page. I'm not sure but I think he might have messed around with the PHP installation or something.


Umm, I'm not sure but I think they got into cPanel, where there is some Apache handler thing, but I don't see anything changed in the extension handler thing. I was just assuming that they did something with the PHP installation or something because the hacked page only came up with .php extension files.


Does the following mean anything to you?

Warning: main(/QueryString.php) [function.main]: failed to open stream: No such file or directory in /home/pcaworld/public_html/SSI.php on line 57

Fatal error: main() [function.require]: Failed opening required '/QueryString.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pcaworld/public_html/SSI.php on line 57

 

That's what appears at the bottom of the "hacked" page.


Does the following mean anything to you?

Warning: main(/QueryString.php) [function.main]: failed to open stream: No such file or directory in /home/pcaworld/public_html/SSI.php on line 57

Fatal error: main() [function.require]: Failed opening required '/QueryString.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pcaworld/public_html/SSI.php on line 57

 

That's what appears at the bottom of the "hacked" page.

Nope, that doesn't apply to me. I haven't made any file like that or anything.


If they got into cPanel there will be login logs you can check.

Umm, unfortunately I can't find the logs. It does say "last logged in by: IP address" but that's my IP address; I logged in twice (I didn't notice that it showed the IP until now).


Find this file and open it up:

/home/pcaworld/public_html/SSI.php

 

It's apparently the one that's causing the problems by being included into your pages. Not positive, but it's worth a look-see. Notice that the path is absolute from your host root, so you'll want to look in your web root for that file. If it's a legitimate file, figure out what in it is causing problems.


Do you have any "new" files that are not yours?  I.e. a .htaccess file?  They could be using mod_rewrite to redirect someone that goes to any .php page to a page of their choice.  What happens when you create a new .php page?  Is it immediately "hacked"?


Do you have any "new" files that are not yours?  I.e. a .htaccess file?  They could be using mod_rewrite to redirect someone that goes to any .php page to a page of their choice.  What happens when you create a new .php page?  Is it immediately "hacked"?

Umm, I don't see any new files. I did already have a .htaccess page and I looked in all of those already and didn't see any redirection or anything of that type.

Umm, here's something: the hacked page only shows up for

site.php

index.php (I assumed it was every file since it had it on both of them)

Umm, never mind, wait, something else.

Well, I have an SMF (Simple Machines Forum) board installed in public_html and they have a file SSI.php (which you can use to password protect pages), and now I see that all files that had that page included are showing up with that hacked page. I'll check out the content of the SSI.php page and see what's in it.

Sorry I didn't notice the file earlier, just been really stressed lately and now really mad cuz there's weeks of work in there.


What version of SMF are you using? If you haven't updated to the latest, it's quite possible that's where your hole is. Also, unless you've made changes to your SSI, you may be able to just upgrade and let SMF overwrite the SSI file to the newest.


Check the .htaccess; it seems that that could be the problem.

Try re-installing. If it still shows up, that means that they got to your Apache and/or PHP system files and changed something there. Probably something that makes all .php extensions point to a certain file.

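The checks suggested in the replies above (look for recently changed files, read .htaccess for anything that remaps .php requests, and see what a changed file such as SSI.php includes), combined into one triage script as an added example that is not part of any post in the thread. The sample files, the `$base_dir` variable and `/placeholder.html` are constructed for the demonstration.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Apache directives that can change what a request for *.php actually serves.
SUSPECT = re.compile(
    r"^\s*(?:Rewrite(?:Rule|Cond)|Redirect(?:Match)?|AddHandler|AddType|SetHandler"
    r"|Action|ErrorDocument|php_value\s+auto_(?:prepend|append)_file)\b.*", re.I)
# include/require statements, to see what a file such as SSI.php pulls in.
INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*([^;]+?)\s*\)?\s*;", re.I)

def scan_lines(pattern, text, group=0):
    """(line_no, matched text) for every line of `text` that hits `pattern`."""
    return [(n, m.group(group).strip()) for n, ln in enumerate(text.splitlines(), 1)
            for m in pattern.finditer(ln)]

def triage(root, since):
    """Report files changed after `since` (epoch s), .htaccess hits, includes."""
    report = {"recent": [], "htaccess": {}, "includes": {}}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        changed = path.stat().st_mtime > since
        if changed:
            report["recent"].append(rel)
        if path.name != ".htaccess" and not (changed and path.suffix == ".php"):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.name == ".htaccess":
            report["htaccess"][rel] = scan_lines(SUSPECT, text)
        else:
            report["includes"][rel] = scan_lines(INCLUDE, text, group=1)
    return report

def demo():
    """Constructed web root: an old page, a freshly altered include, .htaccess."""
    now, day = time.time(), 86400
    samples = {  # name: (constructed content, age in days)
        "index.php": ("<?php require('SSI.php'); ?>\n", 30),
        "SSI.php": ("<?php\nrequire_once($base_dir . '/QueryString.php');\n", 0),
        ".htaccess": ("Options -Indexes\nRewriteRule \\.php$ /placeholder.html [L]\n", 30),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, days) in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
            os.utime(Path(root, name), (now - days * day,) * 2)
        return triage(root, since=now - 2 * day)
```

On a real account, call `triage()` with the web root and a timestamp from before the defacement was noticed. An include expression built from a variable, like the constructed `$base_dir . '/QueryString.php'`, evaluates to `/QueryString.php` when that variable is empty, so the listed expressions show which settings are worth checking.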
