Help my site was hacked

Regular Joined: Nov 21, 2005 Posts: 67

I can get into admin but not my home page. http://www.rcaclan.com/index.php

I really need some help on fixing this
Thanks in advance

Ok I was Hacked

In the browser window it is saying I was hacked by PILOT

How did he get into my index.php file
<HTML><HEAD><TITLE>::[Hacked by PilOT[B]inGoEnG]::</TITLE>

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Are you running NukeSentinel? If so, do you have Admin Auth turned on?

There are several "what do I" guides about recovered from an attack. Have you seen any of them?

Are you running any scripts that allow files to be uploaded? Some of these do not protect you fully and some do not use standard Nuke techniques for accessing the data, thus NukeSentinel can not protect them.

Finally, check to see if any files have been modified. That specific change could be in the theme, a header.php, the index.php, etc.

Posted: Wed Apr 12, 2006 7:53 am

I copied another index.php file from ravens nuke 7.6 to the root of my site and deleted the changed index.php file that was hacked in the root of my site. this fixed the problem everything else is working good. yeas sentinal is turned on and activated. as is says in the readme

I need to remove my index php file out of my root of my site. the site is in a subdomain. but what is to provent them from changing somethig else I changed all ftp password cpanal log in,s I need advise here on what to do.

registered · Posted: Wed Apr 12, 2006 9:21 am

If files are changed then they had gained access to your server either through the server its self or an exploit that allowed them to run a command. Either way they may have damaged more than just the index.php

Were you running SPChat, vWar, or the coppermine module?

Posted: Wed Apr 12, 2006 11:07 am

None
Squery and I edit the php.ini file as was told to do as I got a e-mail from them saying that there is a hole.

I wish this month’s news letter was a bit more upbeat, but since the latest php update there has been a breach in the SQuery Module allowing hackers to gain entrance into a website's admin area.
Not to worry, we are working on a solution at this time.

One thing that has stopped this has been to set the Register_Globals to OFF in your PHP.ini file in the ROOT of your website

I have done this but it still does not explain how that got in my root.

I have changed all passwords to cpanel and FTP programs and so on.

Not sure what else I can do.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

SQuery is the problem - not PHP.

registered · Posted: Fri Apr 14, 2006 12:31 pm

Ah, ok, I wasn't sure what "SQuery" was and was thinking it might have been tied into PHP somehow. Thanks!

New Member Joined: Sep 09, 2003 Posts: 9

Okay I notice that youa re running Vwar. There is an exploit out agasint Vwar as well.

I have fixed several clan sites that were running Vwar and had not upgraded.

The upgrade is pretty straight forward and easy if you ahve not done it but you have to do it like any other upgrade and that is go from one version to the next in progression