Hacked

rowdy18 · June 26, 2009, 11:01:30 AM

my site

www.theracegarage.com/home

appears to have been hacked and the owner of the forum with all the ftp password info and stuff is out of the country and won't be back to a computer till Monday. I was wondering what is my options? If i could get past the hack page they put up i would be able to fix the forum but i can't. Sorry if i posted this in the wrong area this is the first time i have used this board.

Thanks in advance

Kenny01 · June 26, 2009, 05:43:47 PM

There's no sign of a hack on the site, or are you here to learn how to hack the site?

JBlaze · June 26, 2009, 07:43:16 PM

I don't see any sign of a hack. Is this issue resolved or do you require further assistance?

kaamaru · June 26, 2009, 07:55:42 PM

don't see any hacking do i have to login?

Norv · June 26, 2009, 07:57:25 PM

When I checked the site, there was a page saying "You have been hacked" and so. It looked like the attached file. All pages of the forum were displaying only this. (like if it was index.php itself rewritten.)
This "signature" is unknown to me, though the looks of it follow the pattern of other "showing off" hacks.

kaamaru · June 26, 2009, 08:02:06 PM

Ouch I wonder why they stopped hacking it. That was smf 2.0 RC1-1 we should find out how they did it to prevent more hacks. I can't see any info on google about previous hacks. We should ask the admin for the ip of the hackers.

JBlaze · June 26, 2009, 08:13:40 PM

This is not a SMF exploit. These are defacer groups. They mostly go after insecure servers, gain either FTP or server/host account access, and deface the site.

SlammedDime · June 26, 2009, 08:18:46 PM

My guess is that the host was comprimised and multiple people defaced, and they have already fixed it.

Norv · June 26, 2009, 08:26:40 PM

The www.theracegarage.com address was pointing to a normal page though, not that it necessarily proves anything, while www.theracegarage.com/home (www.theracegarage.com/home/index.php {eventually_more_here}) pages were resulting in that page.

kaamaru · June 26, 2009, 08:29:23 PM

Quote from: JBlaze on June 26, 2009, 08:13:40 PM
This is not a SMF exploit. These are defacer groups. They mostly go after insecure servers, gain either FTP or server/host account access, and deface the site.

Phew! How do I make sure my server is secure?

daveaite · June 26, 2009, 09:43:08 PM

You need to pay for good hosting. LOL. Your probably using shared hosting, a server that is used for multiple sites. You can always upgrade to a dedicated server..costs will increase of course. lol

Norv · June 26, 2009, 09:45:13 PM

A shared server doesn't mean an insecure server, and a dedicated server doesn't make it secure.
It comes down after all to the reputation the hosting company has, I guess. You can try finding out what that is.

kaamaru · June 26, 2009, 10:36:04 PM

Thanks

jberetta · August 19, 2009, 12:06:14 AM

this site was hacked again yesterday and the same thing was done, all that was done both times was the index.php file in the main folder was renamed to index.php~ and they put their own in there. But ever since this latest hack the reply ability when you are viewing the site on a wireless phone is gone. any idea on how to fix this? BTW I contacted my host about this yesterday and they swear up and down it is not on their end that it is the software.

edit: actually it appears as if the navigation portion of the bottom of the wireless pages is gone. it is the view you get when you view it under wap, wap2, and imode

Kenny01 · August 19, 2009, 01:42:15 AM

First put your site down (maintenance)
Grab the large upgrade from the download page and overwrite all your files then change all passwords.

jberetta · August 19, 2009, 04:54:38 PM

Quote from: Kenny01 on August 19, 2009, 01:42:15 AM
First put your site down (maintenance)
Grab the large upgrade from the download page and overwrite all your files then change all passwords.

ok well I tried this and got the package upload error I always get when I try to upgrade. The one that says it downloaded the package to the server but it is empty.

Kenny01 · August 19, 2009, 05:08:04 PM

What does the error say?

jberetta · August 19, 2009, 05:21:53 PM

IT is this same error I get every time I try to upgrade the site.

QuoteAn Error Has Occurred!
Package upload failed due to the following error:
"Although the package was downloaded to the server it appears to be empty. Please check the Packages directory, and the "temp" sub-directory are both writable. If you continue to experience this problem you should try extracting the package on your PC and uploading the extracted files into a subdirectory in your Packages directory and try again. For example, if the package was called shout.tar.gz you should:
1) Download the package to your local PC and extract it into files.
2) Using an FTP client create a new directory in your "Packages" folder, in this example you may call it "shout".
3) Upload all the files from the extracted package to this directory.
4) Go back to the package manager browse page and the package will be automatically found by SMF."

SlammedDime · August 19, 2009, 05:27:05 PM

You can't upgrade via the package manager with the Large upgrade packs.

Upgrade SMF

Kenny01 · August 19, 2009, 05:33:39 PM

You need to ftp the large upgrade, so use your ftp.

News:

Hacked