Latest posts for the topic "HACKED!!!!!!!!!"

HACKED!!!!!!!!!

39 Reasons — GMT

http://www.39reasons.com/guestbook39/

I'm pretty new at all this. I've done the search for fixing it, but I'm just not sure I understand it enough and don't want to make it worse.

I can still log into my admin pages - but I don't know what to do from there.

Carbonize — GMT

looks like they edited the header.php in the templates file or possibly body.php I doubt they did this via the guestbook though. Did you chmod the template files to 777? Possibly this person has an account on the same server as you. Simply remove the cde from the appropriate template file.

JTD — GMT

He is running version 2.3.1 also.

I upgraded after the fact

39 Reasons — GMT

I upgraded to 2.3.1 after reading all of the suggestions on here. Like I said, I'm pretty new to this so I'm not sure what [quote]Did you chmod the template files to 777[/quote] means.

This is what my header template looks like - again, I don't know a lot about coding, but I'm trying to learn.

$LANG[FormSelect]
$LANG[metatag]

Thanks!!!
Pamela

Carbonize — GMT

Sorry my mistake. They have editted a post via the admin area. The exploit for the guestbook does not work on your site though so I am curious as to how they got in. Anyway you can delete the post that got editted to fix the problem then change your password. Or if you wish email me the login details and I will deal with it. My email is on my site.

amber222 — GMT

Chmod is changing file permissions. Here is a post explaining it, you might want to read later:

http://proxy2.de/forum/viewtopic.php?t=3520

This post explains how to change permissions from the CPanel:

http://proxy2.de/forum/viewtopic.php?t=3654 (second from last post)

I don't think any of that will help you get rid of the hack. You need to find the offense and delete it... either from one of the template files or the Easy Admin Panel. If you email the login, I could try to find it for you.

Thank you thank you thank you!!!!

39 Reasons — GMT

[quote="Carbonize"]Sorry my mistake. They have editted a post via the admin area. The exploit for the guestbook does not work on your site though so I am curious as to how they got in. Anyway you can delete the post that got editted to fix the problem then change your password. Or if you wish email me the login details and I will deal with it. My email is on my site.[/quote]

Carbonize - you are a genius!!! I went in through myphpAdmin page - checked the latest entry - and sure enough - that was the problem!!! So I deleted it, and I'm back up and running. Thank you everyone!! And amber... I will read that post you suggested too.

Carbonize — GMT

glad to have helped. You could of just as easily deleted the post using the admin section of the guestbook but it was probably easier to identify the entry via phpMyAdmin.

I'm still curious as to how they gained access so as I said change your password.

39 Reasons — GMT

Actually - that was the first place I went once I knew I still had access to my admin section. But the photo was showing up so huge even in there (like it was on the guestbook itself) that I couldn't get to the message to delete it. It was in message 94 or 95 - and the photo covered everything down to message 80.

And since this happened, I have upgraded to the newer version of the guestbook AND changed my password!

Carbonize — GMT

No problems with using the admin section after you upgraded? There is a known bug whereby you end up in a login loop when trying to use the admin section after upgrading from 2.2 to 2.3.1.

Nope

39 Reasons — GMT

No problems. I am able to log in with no problem. Haven't done anything but delete the testing posts - but so far so good.

Carbonize — GMT

Glad to hear it. You may also want to use my image verification mod to prevent sutomated spamming of your guestbook. Not that I saw any.

Just a suggestion, why not edit the templates a little so that you could have the guestbook load in the iframe you use for the rest of the site?

39 Reasons — GMT

[quote="Carbonize"]Glad to hear it. You may also want to use my image verification mod to prevent sutomated spamming of your guestbook. Not that I saw any. [/quote]

where would I find that?

[quote="Carbonize"]Just a suggestion, why not edit the templates a little so that you could have the guestbook load in the iframe you use for the rest of the site?[/quote]

Would love to..... but don't know how And I don't want to bother anyone with it. I don't handle the majority of the site, only the extras (guestbook, e-mail, stats and CPanel maintenance) and our "webmaster" is still learning how to do this as well. There are other things I want to (eventually) figure out how to do - get rid of the "here you can leave your mark" note, replace the "GUESTBOOK" image with our logo, have that link return the viewer back to the main site, fun stuff like that. I know all those answers are on this forum somewhere, I just need to find the time to research them. Plus I need to figure out how to allow visitors to the site the option of signing up on our mailing list...... want to add an online journal for the guys in the band to post into... I could go on and on and on and on.... but I won't

Just want to thank you all again for your help - don't know what I would have done without this forum.

Carbonize — GMT

www.carbonize.co.uk/verification.zip for the image verification. Most of the guestbooks text can be editted via the lang/english.php file. The HTML is to be found in the templates folder.

Hacked and no entry

Anonymous — GMT

Hi guys,
Okay... so what if we've been hacked and we can't access our Admin?
Our passwords have been changed. How do we hack back in?

We can get into the control panel and php pages, but can't seem to get to anything that resembles the guest entries to be able to delete the damned hacker.

We're at [url]http://grahamgreene.topcities.com/guestbook[/url]

Any tips?

Thanks... I hope.
[b][color="violet"]Dusky[/color][/b].

Carbonize — GMT

You can reset the password by editing the SQL data. If your host provides you with phpMyAdmin then simply login and change the username and password entries. Change the username to anything you want and put 773359240eb9a1d9 as the password, this will make the password 123.

Nope it's all good

Anonymous — GMT

Awesome website... walked around and followed the arrows...

Sorted the problem out now.

Thanks, (meaningfully)

Carbonize — GMT

Hope you changed the password to something different than last time.