
Help I got hacked!

Started by char39, October 29, 2006, 05:36:52 PM


char39

I just tried to go on my forum and in its place is a screen that says Hacked by Lipsos.  What do I do?

SleePy

1. http://www.simplemachines.org/about/security.php
Send in that information. The faster you do the more likely it can be found in your raw access logs..

2. Can I have a link to your forum? Might help me determine what they did to do this...

Take a deep breath.. Most likely it only affected your website files and not your database. So all your information is ok..
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

char39

hold on

char39

My index page was hacked not sure what to do to fix.

SleePy

Looks like they might have just uploaded over your index.php file..

Get an index.php file from a fresh install and upload it..
Then try to see if it fixes it.

Do you run any Mods?
Do you run any other software? I.e. Joomla, Mambo, phpBB, Coppermine, etc..

char39

I have a few mods on there.  With someone's help, I think it is back up now, but that was scary!  Why would someone do this to a little forum like mine?  Thank you for your help.

SleePy

There is no reason why they do it.. They do it because they can and don't care..

Now..

Go to Admin -> Packages.

Copy and paste the list of installed packages..

Hopefully you didn't lose that many mods..
The only mods you should have lost are ones that edit the index.php file.. Which most of the time can be fixed easily..

char39

These were the ones that were on there, however not all were being used because they didn't work with my theme.

   Mod Name     Version     
1.    Integrated Chat    2.6    [ Uninstall ] [ List Files ] [ Delete ]
2.    MessagePreviewOnHover    1.1    [ List Files ] [ Delete ]
3.    Simple Blog    1.3    [ List Files ] [ Delete ]
4.    Location Mod    1.2    [ Uninstall ] [ List Files ] [ Delete ]
5.    Babelfish Translater    1.0    [ Uninstall ] [ List Files ] [ Delete ]

7.    Location Mod - Additional Maps    1.2    [ Uninstall ] [ List Files ] [ Delete ]

9.    SMF 1.0.7 / 1.1 RC2 Update    1.0    [ List Files ] [ Delete
14.    Location Mod - Who Flags    1.2    [ Uninstall ] [ List Files ] [ Delete ]
15.    SMF 1.0.8 Update Package    1.0.8

SleePy

Can you tell me which ones are not being used or remove them from the list?

'Cause right now I only see about 2 or 3 mods that need to be fixed.

char39

I have someone trying to help me and the themes could not be uninstalled so they were deleted but still getting errors.

SleePy

Open index.php

Location Mod:
Find:
'mlist' => array('Memberlist.php', 'Memberlist'),

Add After:
'mm' => array('MemberMap.php', 'MemberMap'),

Integrated Chat
Find:
'calendar' => array('Calendar.php', 'CalendarMain'),

Add After:
'chat' => array('Chat.php', 'ChatRoom'),

Simple Blog:
Find:
'collapse' => array('Subs-Boards.php', 'CollapseCategory'),

Add After:
'blog' => array('SimpleBlog.php', 'BlogMain'),
'viewblog' => array('SimpleBlog.php', 'ViewBlog'),



ShoutBox:
Find:
'calendar' => array('Calendar.php', 'CalendarMain'),

Add After:
'delete_all_shouts' => array('shout.php', 'delete_all_shouts'),
'delete_shout_age' => array('shout.php', 'delete_shout_age'),
'delete_shout' => array('shout.php', 'delete_shout'),
'shout' => array('shout.php', 'Shout'),
'shout_archive' => array('shout.php', 'ShoutArchive'),
'shout_xml' => array('shout.php', 'shout_display'),


Hopefully I didn't miss a mod that needs to be fixed..

char39

I don't know how this happened, but I ended with two forums.  One of them is still showing the hacked stuff, so here is the link if it helps anyone out.


yeahimsteve

hey katers, I had my forum hacked twice in the last three months.

Look in your forum directory for settings.php and look for the backup, or a settings.php renamed just a bit.

The reason that I mention this is because the first time I got hacked, it was very much like your site there, and I renamed the hacked settings.php to whatever I wanted, and then renamed the file in my forum directory that was labeled something like "settings_bak_.php," or "settings.bak" back over to "settings.php."

In other words, rename your settings.php backup file to the original file name, and see if that helps at all.  It totally fixed it for me the first time.

It would probably be too convenient if that actually worked, but hey.

char39

I am getting a lot of errors on the forum, all due I think because someone else's index page was put on, after this happened.

yeahimsteve

katers bro, if I was you, I'd back up your database any way you can (in phpMyAdmin or with the SMF backup feature)

Then, I'd back up my theme (with your FTP).

Then, back up your forum directory, via FTP (even though you are going to reinstall, there's files/graphics in here that you'll want).

Then, I'd go back into your phpmyadmin and take a look at all of the tables and stuff, and delete all the ones that were made by a mod.  Since you already backed it up in step 1, it won't matter if you flub one and remove something on accident.  Or, just run it by one of the great people around here willing to tell you what stays and what goes.

Then, I'd delete the whole forum and restart the whole process.......but this time, you have your themes, and your users and the posts and all of that still intact.

Then, reinstall your mods.  This will now obviously create those tables in the database that you deleted in the earlier step above, but now you won't be running into errors and all the crappy stuff that we have to deal with, haha....

It would probably take you longer to find the problem, troubleshoot, guess and check until you get it right, etc........than just reinstall the forums.

Haha, I'm sure there will be some brainer around here that'll tell you how to fix those errors.......but since you've been hacked, take it from me bro:  Get your forum reinstalled.  That way you can eliminate ALL possible hacker threats still lingering around in some unknown file or area.

I only tell you this, because I've been hacked twice now, after I thought the simple fix would prevent it from happening again.

Good luck!  You'll be back up and running and everything will be legit!   ;)
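
Added example (not part of the original thread, and not SMF's own tooling): the advice above to start again from a fresh install, expressed as a check that hashes the live forum's PHP files against an unpacked pristine copy of the same release and lists what was changed, added or removed. The file names and contents in `demo()` are constructed placeholders, not real SMF code.

```python
import hashlib
import os
import tempfile

def hash_tree(root, exts=(".php",)):
    """Map each relative path under root (matching exts) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(pristine_root, live_root):
    """Classify the live forum's files against a pristine copy of the same release."""
    pristine, live = hash_tree(pristine_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in live if p in pristine and live[p] != pristine[p]),
        "unexpected": sorted(p for p in live if p not in pristine),
        "missing": sorted(p for p in pristine if p not in live),
    }

def build_sample(root, files):
    """Write a constructed sample tree (relative path -> file body) under root."""
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Constructed trees: a stock copy and a live copy with an overwritten index.php."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        stock = {"index.php": "<?php // stock index", "Sources/Load.php": "<?php // stock",
                 "Sources/Subs.php": "<?php // stock"}
        build_sample(clean, stock)
        build_sample(live, {"index.php": "<html>defaced</html>",          # overwritten
                            "Sources/Load.php": stock["Sources/Load.php"],  # untouched
                            "Sources/Chat.php": "<?php // added by a mod",
                            "Settings_bak.php": "<?php // renamed copy"})
        return compare_trees(clean, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Every entry still needs a human look: installed mods legitimately edit and add files, and Settings.php always differs from the stock copy because it holds the site's own configuration.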

char39

Actually, it would be sis, lol.  But thank you for your help.
