Forum has been hacked - need help!

Started by Crisis85, October 30, 2008, 04:57:41 PM

Crisis85

Hello,

I am not sure if this is in the right section, so please don't be too angry with me if it's not. I am posting regarding a forum that I administrate: hxxp:www.freecheats.com [nonactive].
If you visit that link then you see it redirects you to some foreign hack page.

This has been like this for a long time now (at least a couple of months), and the other active admin and I are out of solutions. I have looked around the internet as well as this forum, and apparently all I need to do is upgrade the forum. But there is a problem, as I am not able to get a hold of the owner of this forum. I also don't have access to the database. Either the forum owner or the person who has hacked the place has disabled access to the database, so I can't upload packages, upgrade, or anything of the sort (it is all grayed out).

The forum version is SMF 1.1.1. As you can tell I have not been able to upgrade for quite some time.

Is there some way to upgrade without accessing the database? Or is there something else you suggest I do?

Thank you for any help.

genieuk

Hi,

I think you need to replace the index.php file, overwrite it with a fresh one from the SMF software package. Back up first though, as always.

Also the forum owner can't be that bothered if he does not maintain his forum etc. I think the only way to do anything is if you have access to FTP or Cpanel to do anything.

Mathew

Crisis85

Last I heard he was on a trip around the world. I have been trying emails he has provided, but they all come back as failed notification.  :-\

Would I have to use the package manager for such a change? I have been messing around with it for quite a while and I am never able to upload anything, as it gives back an error "read-only" or something along those lines.

genieuk

Quote from: Crisis85 on October 30, 2008, 05:04:21 PM
Last I heard he was on a trip around the world. I have been trying emails he has provided, but they all come back as failed notification.  :-\

Would I have to use the package manager for such a change? I have been messing around with it for quite a while and I am never able to upload anything, as it gives back an error "read-only" or something along those lines.

Package Manager is to install mods, I've really not got an idea on what you could do to access what you need without any login info. It seems you need to hack it yourself to be able to do anything, but of course that is out of the question.

RustyBarnacle

You could call the host and ask them to check the site so that they see it's been hacked, and get them to clean it.

They probably still won't give you cPanel or anything, but if they clean the redirect and chmod the directories to what they used to be, then you may be able to upgrade your site.

Crisis85

Thanks for the responses, I am discussing the matter with the other forum admin, and we decided that the best chance we have is to contact the host. That way, either they will fix it, or they can possibly contact the owner. I will post back to tell you how it goes, thanks again.

Rumbaar

Given the nature of the 'hack', the time it's been like that, and the version of SMF you're using, I would say a Large Upgrade package is the way to go.

With this you would back up your current files. Then upload all the files in the Large Upgrade package to totally refresh the forum's files. This should affect all possible affected files. Then run upgrade.php and you should have a fresh unhacked version.

Not knowing the nature of the hack, be sure to check any uploadable folder for possible 'hack' files. Attachment/avatar folders.
"An important reward for a job well done is a personal sense of worthwhile achievement."

Smoky "Rider" Blue

the funny thing is that it was hacked by lorDragon

LorDragon has a smf site and using dz's theme minus the copyright.. hmmm..... O:)


edit: not that it is funny, but..

the addy is:

http://www.gtatr.net/
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Rumbaar

That site's forum has a visible copyright, well as of now at least.

Smoky "Rider" Blue

it didn't when i last looked this am..  ;)

but still, someone using smf and hacking other smf users, well.. there is something to be said about that!!  :o

Deprecated

Nothing we can do to prevent people from using SMF and engaging in illegal or unethical behavior. Same situation as GM is in when somebody uses a Chevy as a get away car for a bank robbery.

It's such a shame that Turkey has been showing up so much lately in the context of "hacking forums."

Smoky "Rider" Blue

yeps it is Deprecated..  :(

i did get a compliment from kingturq on my site, when he joined, but i had to ban him, as his reputation preceded himself..  ::)

Deprecated

Too bad IP addresses aren't by country...

Hi Smoky! :-* ;)

Smoky "Rider" Blue

lmao!!!

i do have the ip on him and his buddy Depreciated.. and yes hello Depreciated.. good to see you are going great tonight  :P :-*

Deprecated

I'm challenged by the topics that nobody else can answer (or fix). This is like "Jeopardy" to me (the TV program). The easy answers aren't worth very many points. Gotta answer the tough questions to return to the show tomorrow... ;)

ascaland

I saw that other post you were supporting in, oh my gosh.
Anyways, has this been solved?

Deprecated

As far as I understand this present topic is still open. OP, please verify you are still having a problem...

Smoky "Rider" Blue


Deprecated

Well I'll visit this topic tomorrow if the OP is still willing...

Rumbaar

If I disable javascript I can view the page without issue.

The problem is in the fact a script has been added to the board description.  Now I've not seen this type of attack before without admin access.
<a href="http://www.freecheats.com/index.php?board=1.0" name="b1">General Board</a></b><br />
You can talk about anything here

<script>location="http://www.gtatr.net/hack.html"</script>

Disable javascript and look at the general board settings and description.  If it's not there, be sure to look in BoardIndex.template.php.  It will be very interesting to know where it is.
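Added example, not part of the original thread or of SMF: a way to audit every board description for the kind of injected script quoted in the last post, instead of spotting it in a browser with JavaScript disabled. It assumes the descriptions have been exported as (board id, description) pairs; `audit_descriptions`, `ScriptFinder` and `SAMPLE_BOARDS` are hypothetical names, and the board 2 text is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# location = "..." assignments and location.replace()/assign() calls.
REDIRECT_RE = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)

class ScriptFinder(HTMLParser):
    """Collects script content found in a fragment of board HTML."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.findings = []  # (kind, value) pairs

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            if dict(attrs).get("src"):
                self.findings.append(("external-script", dict(attrs)["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if not (self.in_script and data.strip()):
            return
        targets = [a or b for a, b in REDIRECT_RE.findall(data)]
        kind = "redirect" if targets else "inline-script"
        for value in targets or [data.strip()]:
            self.findings.append((kind, value))

def audit_descriptions(boards, own_host):
    """Return (board_id, kind, value) for every script in a description."""
    hits = []
    for board_id, description in boards:
        finder = ScriptFinder()
        finder.feed(description)
        finder.close()
        for kind, value in finder.findings:
            if kind == "redirect" and urlparse(value).hostname not in (None, own_host):
                kind = "offsite-redirect"
            hits.append((board_id, kind, value))
    return hits

# Board 1 is the description quoted in the thread; board 2 is constructed.
SAMPLE_BOARDS = [(1, 'You can talk about anything here\n<script>location="http://www.gtatr.net/hack.html"</script>'),
                 (2, "Questions about <b>game guides</b>")]
```

Any hit is worth a look, since a board description has no reason to carry script at all; the `offsite-redirect` kind marks the ones that send visitors to another host.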