Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in My Site has been hacked View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » Hack Attempt Script Author Message checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 5:52 pm Could any of you guys look at my site and let me know where the problem is? My site has been hacked since this morning Only registered users can see links on this board! Get registered or login to the forums! Last edited by checksum on Wed Jun 13, 2007 10:43 pm; edited 1 time in total evaders99 Former Moderator in Good Standing Joined: Apr 30, 2004 Posts: 3221 Posted: Tue Jun 12, 2007 5:55 pm Looks like the code was replaced with some nasty Javascript It could be anywhere, hacked files... hacked database, etc. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 6:06 pm yes I see the javascript, how can I locate it and delete it? kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 6:27 pm Look for recently changed files. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 6:33 pm That's what I am doing, but it's hard I see config.php 5/6/2007 but when I look into it I do not see the javascript code Can I give you access to my ftp in you PM so you can help me locate it? checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 7:00 pm I did a search in the entire database, and I could not find anything javascript. I could not see any fils or folders modified 6/12/07, it happened this morning kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 7:24 pm It could be in your database - check the messages, news and blocks tables. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 7:54 pm I downloaded the whole database and did a search, no javascript found kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 8:34 pm OK. I looked at the site. If there aren't any new files (e.g. index.html, index.htm) or changes to your index.php (assuming it's PHP-Nuke), I'd check the includes and themes directory for changes to files there. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 10:20 pm could he be pulling the javascript from somewhere else, such that when i do a search on the javascript code, i do not find anything? kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 10:37 pm Something in mainfile...haven't found it yet. kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 10:51 pm You need to check with your host. There is a bigger problem. It looks like they are adding a google analytics reference that is interfering with your scripts. I added an info.php file, and all it does is execute phpinfo. Even that has the google analytics stuff. Is this a free host? Don't forget to remove the info.php after you verify. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 10:55 pm no, it is a VPS, I have access to the server too. I can give you access to the server also kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 10:59 pm Is it managed? If so, have them check the configuration. Even regular .html files are loading the google-code script. kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Tue Jun 12, 2007 11:04 pm Sorry - it's pointing to google-counter.com Probably to drive up adsense or some other nonsense. Giving me VPS access won't help - I wouldn't know where to start. But it's definitely not your script, though you should have different passwords for cpanel, database and nuke admin. Not sure if that's the case, but you should also update your NukeSentinel - it looks a few versions old. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Tue Jun 12, 2007 11:09 pm I don't know what you mean by managed, but I do have pretty much control of the server. I have sent them an email, I will see what they say, and if they can identify the root cause. Thank you for your help montego Site Admin Joined: Aug 29, 2004 Posts: 9133 Location: Arizona Posted: Wed Jun 13, 2007 6:28 am checksum, there are typically two levels of service provided by hosting companies for a VPS and dedicated. There is "managed" and "not managed". "managed" is more expensive, but generally speaking, if the plan is a good one, the hosting company will do almost anything you need done at the server level. Let's face it, most of us are not server admins, so we need help from time-to-time. If your plan is not "managed", then there may be a charges for support tickets. In other words, it boils down to how much help you can expect to get from your hosting company for your VPS or dedicated server. kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Wed Jun 13, 2007 6:49 am Looks like it's working now. Please let us know the details. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Wed Jun 13, 2007 5:02 pm Hi, Sorry for the delay, was at work. They fixed it early this morning I pointed them to this thread also. Here is what they said: Could you please chech now, that code shouldn't load on your pages anymore. It was exploit that is using bug in mod_layout apache module. I've disabled it, and your serevr is safe now. Best regards, Tom H. HostForWeb Inc. Thank you kguske for your help kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Wed Jun 13, 2007 8:46 pm Thanks for following up. Don't forget to remove the info.php file in your Nuke root. Make sure have different cPanel, VPS, and Nuke database user IDs / passwords for extra security... kguske Site Admin Joined: Jun 04, 2004 Posts: 6044 Posted: Thu Jun 14, 2007 5:14 am One more follow up - can you get some details (i.e. a link) on this exploit from your host? That was a particularly nasty issue, and we couldn't find any details about it based on the response. checksum Hangin' Around Joined: Jun 30, 2003 Posts: 39 Posted: Thu Jun 14, 2007 7:05 pm Ok, will do CodyG Life Cycles Becoming CPU Cycles Joined: Jan 02, 2003 Posts: 668 Location: Vancouver Island Posted: Tue Jun 26, 2007 12:04 am any updates? Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » Hack Attempt Script  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------RavenNuke / Raven CMS CMS WikiSecurity IssuesConverting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General DiscussionCertification - Submit Scripts For RavenNuke(tm) CertificationCertification - Modules, Blocks, Other Scripts/Applications Converted For RavenNuke(tm)Certification - All Discussion RavenNuke(tm) v2.5x----------------RavenNuke(tm) v2.5x RavenNuke(tm) v2.4x----------------v2.4 RN Announcementsv2.4 RN Documentationv2.4 RN Issues RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestionsv2.30.01 RN Security Issuesv2.30.01 RN New Installation Issuesv2.30.01 RN Upgrade Issuesv2.30.01 RN All Other Issues RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePieeCommerce Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroRaven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroPublic Testing of RavenNuke(tm) v2.10.00HtAccesserIssues/Problems With This Site Security----------------NukeSentinel(tm) Country and IP2Country UpdatesSecurity - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsPHP-Nuke Patched Series By Chatserv Information About Forums----------------PHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsDesign Discussions Scripts - General----------------Bug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountBrowser Specific IssuesUpgrading NukeNuke Treasury NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepositoryNSN NukeProject Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Private----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
:: :: ::

zerosum