| Author |
Message |
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
 Posted:
Mon Apr 26, 2004 10:54 am |
|
Pls guys I need your help. Someone hacked my site and made himself God Admin!!! Obviously I am God Admin too, but I don't know how to delte him and how to prevent him from doing it again!!! What can I do??  |
| |
|
|
|
morpheus_75
|
| Posted:
Mon Apr 26, 2004 11:04 am |
|
OK, I deleted him using mysql... but how to stop him from hacking my site again?  ?? |
| |
|
|
|
|
bones
Hangin' Around
Joined: Sep 18, 2003
Posts: 36
|
| Posted:
Mon Apr 26, 2004 11:11 am |
|
|
|
|
morpheus_75
|
| Posted:
Mon Apr 26, 2004 11:20 am |
|
I already have that script on. But I didn't receive any alert email and in any case I can't understand HOW he succeeded in becoming GOD ADMIN!!! |
| |
|
|
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Mon Apr 26, 2004 11:35 am |
|
|
|
|
|
morpheus_75
|
| Posted:
Mon Apr 26, 2004 12:03 pm |
|
Thanks Chat! 
I've just applied your fix. I have a question for you. In your opinion, how did the hacker suceed in becoming God Admin? Did he enter mysql DB? Od did he hack some file via web? |
| |
|
|
|
|
chatserv
|
| Posted:
Mon Apr 26, 2004 12:13 pm |
|
Have you opened any pm that had a broken image in it? other than that they could have inserted the code through any vulnerable section of code. |
| |
|
|
|
|
morpheus_75
|
| Posted:
Mon Apr 26, 2004 12:29 pm |
|
| chatserv wrote: | | Have you opened any pm that had a broken image in it? other than that they could have inserted the code through any vulnerable section of code. |
No, but I noticed that many PMs (not only sent by me) do not reach the users  and the site is quite slow...
Btw... do u think ur fix will prevent him from succeeding again? |
| |
|
|
|
|
morpheus_75
|
| Posted:
Tue Apr 27, 2004 8:26 am |
|
AGAIN! My site was hacked again! I found another GOD ADMIN (waraxe2) in the admin menu and there was a change in a news in the home page. How is this possible? Anyone can help?? |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Apr 27, 2004 8:28 am |
|
Check your log and find out what he used to hack in. Then PM me the URL he used. In the mean time, rename your admin.php file to something else. This will lock you out too but better safe than sorry right now! |
| |
|
|
|
|
chatserv
|
| Posted:
Tue Apr 27, 2004 8:49 am |
|
Also email me your admin.php file. |
| |
|
|
|
|
morpheus_75
|
| Posted:
Tue Apr 27, 2004 9:07 am |
|
Thanj you both, guys! I'll do what you've told me to
P.S.: Raven, how can I find out what he used to hack in? In other words... would you tell me how to check my log?  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
