Advertisement:

Author Topic: Forum has been hacked - need help!  (Read 4957 times)

Offline Crisis85

  • Newbie
  • *
  • Posts: 8
Forum has been hacked - need help!
« on: October 30, 2008, 04:57:41 PM »
Hello,

I am not sure if this is in the right section, so please don't be too angry with me if it's not. I am posting regarding a forum that I administrate: hxxp:www.freecheats.com [nonactive].
If you visit that link then you see it redirects you to some foreign hack page.

This has been like this for a long time now (at least a couple of months), and the other active admin and I are out of solutions. I have looked around the internet as well as this forum, and apparently all I need to do is upgrade the forum. But there is a problem, as the owner of this forum I am not able to get a hold of. I also don't have access to the database. Either the forum owner or the person who has hacked the place has disabled access to the database, so I can't upload packages, upgrade, or anything of the sort (it is all grayed out).

The forum version is SMF 1.1.1. As you can tell I have not been able to upgrade for quite some time.

Is there some way to upgrade without accessing the database? Or is there something else you suggest I do?

Thank you for any help.

Offline genieuk

  • Sr. Member
  • ****
  • Posts: 779
  • Gender: Male
Re: Forum has been hacked - need help!
« Reply #1 on: October 30, 2008, 05:00:56 PM »
Hi,

I think you need to replace the index.php file , overwrite it with a fresh one from the SMF software package. backup first thou as always.

Also the forum owner can't be that bothered if he does not maintain his forum etc. I think the only way to do anything is if you have access to FTP or Cpanel to do anything.

Mathew

Offline Crisis85

  • Newbie
  • *
  • Posts: 8
Re: Forum has been hacked - need help!
« Reply #2 on: October 30, 2008, 05:04:21 PM »
Last I heard he was on a trip around the world. I have been trying emails he has provided, but they all come back as failed notification.  :-\

Would I have to use the package manager for such a change? I have been messing around with it for quite a while and I am never able to upload anything, as it gives back an error "read-only" or something along those lines.

Offline genieuk

  • Sr. Member
  • ****
  • Posts: 779
  • Gender: Male
Re: Forum has been hacked - need help!
« Reply #3 on: October 30, 2008, 05:13:13 PM »
Last I heard he was on a trip around the world. I have been trying emails he has provided, but they all come back as failed notification.  :-\

Would I have to use the package manager for such a change? I have been messing around with it for quite a while and I am never able to upload anything, as it gives back an error "read-only" or something along those lines.

Package Manager is to install mods, i really not got an idea on what you could do to access what you need without any login info. It seems you need to hack it yourself to be able to do anything but of course that is out of the question.

Offline RustyBarnacle

  • Sr. Member
  • ****
  • Posts: 722
    • Saving Tallingroth
Re: Forum has been hacked - need help!
« Reply #4 on: October 30, 2008, 05:18:23 PM »
You could call the host and ask them to check the site so that they see its been hacked, and get them to clean it.

They probly still wont give you cpanel or anything but if they clean the redirect and chmod the directories to what they used to be, then you may be able to upgrade your site.

Offline Crisis85

  • Newbie
  • *
  • Posts: 8
Re: Forum has been hacked - need help!
« Reply #5 on: October 30, 2008, 05:57:07 PM »
Thanks for the responses, I am discussing the matter with the other forum admin, and we decided that the best chance we have is to contact the host. That way, either they will fix it, or they can possibly contact the owner. I will post back to tell you how it goes, thanks again.

Offline Rumbaar

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,806
  • Gender: Male
  • Inherent Omniscience
    • Rumbaar.net
Re: Forum has been hacked - need help!
« Reply #6 on: November 10, 2008, 05:04:23 AM »
The nature of the 'hack' and the time it's been like that and the version of SMF you're using I would say a Large Upgrade package is the way to go.

With this you would backup you current files.  Then upload all the files in the Large Upgrade package to totally refresh the forums files.  This should affect all possible affected files.  Then run upgrade.php and you should have a fresh unhacked version.

Not knowing the nature of the hack, be sure to check and uploadable folder for possible 'hack' files.  Attachment/avatar folders.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

Offline Smoky "Rider" Blue

  • SMF Hero
  • ******
  • Posts: 1,684
  • Gender: Female
  • It's all in your head! :p
    • smoky.blue.01 on Facebook
Re: Forum has been hacked - need help!
« Reply #7 on: November 10, 2008, 07:56:59 AM »
the funny is that it was hacked by lorDragon

LorDragon has a smf site and using dz's theme minus the copywrite.. hmmm..... O:)


edit: not that is is funny, but..

the addy is:

http://www.gtatr.net/
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Offline Rumbaar

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,806
  • Gender: Male
  • Inherent Omniscience
    • Rumbaar.net
Re: Forum has been hacked - need help!
« Reply #8 on: November 10, 2008, 03:37:59 PM »
That sites forum has a visible copyright, well as of now at least.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

Offline Smoky "Rider" Blue

  • SMF Hero
  • ******
  • Posts: 1,684
  • Gender: Female
  • It's all in your head! :p
    • smoky.blue.01 on Facebook
Re: Forum has been hacked - need help!
« Reply #9 on: November 10, 2008, 08:50:10 PM »
it didnt when i last looked this am..  ;)

but still, someone using smf and hacking other smf users, well.. there is something to be said about that!!  :o
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Offline Deprecated

  • SMF Hero
  • ******
  • Posts: 3,499
Re: Forum has been hacked - need help!
« Reply #10 on: November 10, 2008, 08:55:47 PM »
Nothing we can do to prevent people from using SMF and engaging in illegal or unethical behavior. Same situation as GM is in when somebody uses a Chevy as a get away car for a bank robbery.

It's such a shame that Turkey has been showing up so much lately in the context of "hacking forums."

Offline Smoky "Rider" Blue

  • SMF Hero
  • ******
  • Posts: 1,684
  • Gender: Female
  • It's all in your head! :p
    • smoky.blue.01 on Facebook
Re: Forum has been hacked - need help!
« Reply #11 on: November 10, 2008, 09:06:25 PM »
yeps it is Deprecated..  :(

i did get a compliment from kingturq on my site, when he joined, but i had to ban him, as his reputation preceded himself..  ::)
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Offline Deprecated

  • SMF Hero
  • ******
  • Posts: 3,499
Re: Forum has been hacked - need help!
« Reply #12 on: November 10, 2008, 09:09:47 PM »
Too bad IP addresses aren't by country...

Hi Smoky! :-* ;)

Offline Smoky "Rider" Blue

  • SMF Hero
  • ******
  • Posts: 1,684
  • Gender: Female
  • It's all in your head! :p
    • smoky.blue.01 on Facebook
Re: Forum has been hacked - need help!
« Reply #13 on: November 10, 2008, 09:16:39 PM »
lmao!!!

i do have the ip oin him and his buddy Depreciated.. and yes hello Depreciated.. good to see you are going great tonight  :P :-*
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Offline Deprecated

  • SMF Hero
  • ******
  • Posts: 3,499
Re: Forum has been hacked - need help!
« Reply #14 on: November 10, 2008, 10:30:50 PM »
I'm challenged by the topics that nobody else can answer (or fix). This is like "Jeopardy" to me (the TV program). The easy answers aren't worth very many points. Gotta answer the tough questions to return to the show tomorrow... ;)

Offline Anthony`

  • Sophist Member
  • *****
  • Posts: 1,347
  • Gender: Male
    • AnthonyCalandra on GitHub
Re: Forum has been hacked - need help!
« Reply #15 on: November 10, 2008, 10:32:36 PM »
I saw that other post you were supporting in, oh my gosh.
Anyways, has this been solved?

Offline Deprecated

  • SMF Hero
  • ******
  • Posts: 3,499
Re: Forum has been hacked - need help!
« Reply #16 on: November 10, 2008, 10:47:24 PM »
As far as I understand this present topic is still open. OP, please verify you are still having a problem...

Offline Smoky "Rider" Blue

  • SMF Hero
  • ******
  • Posts: 1,684
  • Gender: Female
  • It's all in your head! :p
    • smoky.blue.01 on Facebook
Re: Forum has been hacked - need help!
« Reply #17 on: November 10, 2008, 10:50:22 PM »
apparently he is, as this is the url his site: www.freecheats.com.

is redirecting to: http://www.gtatr.net/hack.html and then to: http://www.gtatr.net/forum/   ;)
**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Offline Deprecated

  • SMF Hero
  • ******
  • Posts: 3,499
Re: Forum has been hacked - need help!
« Reply #18 on: November 10, 2008, 10:54:31 PM »
Well I'll visit this topic tomorrow if the OP is still willing...

Offline Rumbaar

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,806
  • Gender: Male
  • Inherent Omniscience
    • Rumbaar.net
Re: Forum has been hacked - need help!
« Reply #19 on: December 09, 2008, 07:20:49 PM »
If I disable javascript I can view the page without issue.

The problem is in the fact a script has been added to the board description.  Now I've not seen this type of attack before without admin access.
Code: [Select]
<a href="http://www.freecheats.com/index.php?board=1.0" name="b1">General Board</a></b><br />
You can talk about anything here

<script>location="http://www.gtatr.net/hack.html"</script>
Disable javascript and look at the general board settings and description.  If it's not there, be sure to look in BoardIndex.template.php.  It will be very interesting to know where it is.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]