Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in My Site has been hacked View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » Hack Attempt Script Author Message checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 5:52 pm Could any of you guys look at my site and let me know where the problem is? My site has been hacked since this morning Only registered users can see links on this board! Get registered or login to the forums! Last edited by checksum on Wed Jun 13, 2007 10:43 pm; edited 1 time in total evaders99 Moderator Joined: Apr 30, 2004 Posts: 2852 Posted: Tue Jun 12, 2007 5:55 pm Looks like the code was replaced with some nasty Javascript It could be anywhere, hacked files... hacked database, etc. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 6:06 pm yes I see the javascript, how can I locate it and delete it? kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 6:27 pm Look for recently changed files. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 6:33 pm That's what I am doing, but it's hard I see config.php 5/6/2007 but when I look into it I do not see the javascript code Can I give you access to my ftp in you PM so you can help me locate it? checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 7:00 pm I did a search in the entire database, and I could not find anything javascript. I could not see any fils or folders modified 6/12/07, it happened this morning kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 7:24 pm It could be in your database - check the messages, news and blocks tables. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 7:54 pm I downloaded the whole database and did a search, no javascript found kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 8:34 pm OK. I looked at the site. If there aren't any new files (e.g. index.html, index.htm) or changes to your index.php (assuming it's PHP-Nuke), I'd check the includes and themes directory for changes to files there. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 10:20 pm could he be pulling the javascript from somewhere else, such that when i do a search on the javascript code, i do not find anything? kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 10:37 pm Something in mainfile...haven't found it yet. kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 10:51 pm You need to check with your host. There is a bigger problem. It looks like they are adding a google analytics reference that is interfering with your scripts. I added an info.php file, and all it does is execute phpinfo. Even that has the google analytics stuff. Is this a free host? Don't forget to remove the info.php after you verify. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 10:55 pm no, it is a VPS, I have access to the server too. I can give you access to the server also kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 10:59 pm Is it managed? If so, have them check the configuration. Even regular .html files are loading the google-code script. kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Tue Jun 12, 2007 11:04 pm Sorry - it's pointing to google-counter.com Probably to drive up adsense or some other nonsense. Giving me VPS access won't help - I wouldn't know where to start. But it's definitely not your script, though you should have different passwords for cpanel, database and nuke admin. Not sure if that's the case, but you should also update your NukeSentinel - it looks a few versions old. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 11:09 pm I don't know what you mean by managed, but I do have pretty much control of the server. I have sent them an email, I will see what they say, and if they can identify the root cause. Thank you for your help montego Site Admin Joined: Aug 29, 2004 Posts: 7481 Location: Arizona Posted: Wed Jun 13, 2007 6:28 am checksum, there are typically two levels of service provided by hosting companies for a VPS and dedicated. There is "managed" and "not managed". "managed" is more expensive, but generally speaking, if the plan is a good one, the hosting company will do almost anything you need done at the server level. Let's face it, most of us are not server admins, so we need help from time-to-time. If your plan is not "managed", then there may be a charges for support tickets. In other words, it boils down to how much help you can expect to get from your hosting company for your VPS or dedicated server. kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Wed Jun 13, 2007 6:49 am Looks like it's working now. Please let us know the details. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Wed Jun 13, 2007 5:02 pm Hi, Sorry for the delay, was at work. They fixed it early this morning I pointed them to this thread also. Here is what they said: Could you please chech now, that code shouldn't load on your pages anymore. It was exploit that is using bug in mod_layout apache module. I've disabled it, and your serevr is safe now. Best regards, Tom H. HostForWeb Inc. Thank you kguske for your help kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Wed Jun 13, 2007 8:46 pm Thanks for following up. Don't forget to remove the info.php file in your Nuke root. Make sure have different cPanel, VPS, and Nuke database user IDs / passwords for extra security... kguske Site Admin Joined: Jun 04, 2004 Posts: 4873 Posted: Thu Jun 14, 2007 5:14 am One more follow up - can you get some details (i.e. a link) on this exploit from your host? That was a particularly nasty issue, and we couldn't find any details about it based on the response. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Thu Jun 14, 2007 7:05 pm Ok, will do CodyG PHP-Portal Project Joined: Jan 02, 2003 Posts: 629 Location: Vancouver Island Posted: Tue Jun 26, 2007 12:04 am any updates? Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » Hack Attempt Script  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------Converting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General Discussion RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestions Recommended Reading----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePie RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroUpgrade Pack For RavenNuke(tm) v1.05.00 to v2.02.00Raven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroRaven's RavenNuke(tm) v2.10.00Public Testing of RavenNuke(tm) v2.10.00HtAccesser Security----------------Security - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsEasy IP Ban Reference [eC-IPBR]PHP-Nuke Patched Series By Chatserv Information About Forums----------------Old Forum EntriesPHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsGeneral - PHP Portal ProjectDevelopersDesign Discussions Scripts - General----------------Post Release FixesBug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountM2FBrowser Specific IssuesUpgrading NukeNuke Treasury Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepository 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - The Wastelands of NukeworldOther - Book ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Guest Editorials----------------My Turn - James R. Sanders  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
:: :: ::

zerosum