my website was hacked :(

Discussion in 'OT Technology' started by unrealii, May 26, 2004.

  1. unrealii

    unrealii professor of plant biology

    Joined:
    May 6, 2001
    Messages:
    2,037
    Likes Received:
    0
    Location:
    So CALI
    www.hscuci.org/index.php
    :wtc:
    Anyone know how to fix it? I'm tempted to email the hacker's email address which is there, but I dont know if they will be a dick or not.

    I ran http://nukecops.com/downloads-file-13-details-Analyzer.html and got this:
    I changed the sitekey value, and deleted the mailattach.php file. But I cannot log into my control panel of phpnuke. Anyone know which file has the user info or which table in the sql database has the info?
     
  2. Ximian

    Ximian New Member

    Joined:
    Mar 20, 2004
    Messages:
    1,860
    Likes Received:
    0
    Location:
    DCA
    Try PostNuke instead, more or less the same, but with fewer bugs, as it seems.
     
  3. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    first things first... PULL THE PLUG. You don't know what else they did to the site yet, and you don't want to take any chances of them making you more vulnerable than you already are. Shut down the webserver, etc. I can't remember what the table name with the admin password is, but i also seem to remember it being in an include file somewhere as well. I would look at the phpNuke documentation.
     
  4. unrealii

    unrealii professor of plant biology

    Joined:
    May 6, 2001
    Messages:
    2,037
    Likes Received:
    0
    Location:
    So CALI
    I did that last night when my friend discovered the site hack. I just put it up about an hour ago to play around and see if I can fix it. I turned off the sql db and renamed the home folder to that site to something very random. I hope that is good enough for the time being. Here is the table entry:
    http://www.hscuci.org/idiots.jpg

    I blanked out the password spot and tried to log in, but it didn't work :/

    I'll try postnuke. It took me soo damn long to get phpnuke setup that I really do not want to do it again. Honestly, I know very little and I was probably treading in waters I shouldn't be.
     
  5. 0x1A4

    0x1A4 Guest

    Why can't people respect others' propety and leave them the fuck alone?

    That sucks dude, I myself am in the process of getting a php-based site going. If you find out how they hacked it and how to prevent it, please post an update for others to reference.
     
  6. Ximian

    Ximian New Member

    Joined:
    Mar 20, 2004
    Messages:
    1,860
    Likes Received:
    0
    Location:
    DCA
    Don't run PHP Nuke or any other popular CMS. That's a decent start.
     
  7. unrealii

    unrealii professor of plant biology

    Joined:
    May 6, 2001
    Messages:
    2,037
    Likes Received:
    0
    Location:
    So CALI
    Damn, didn't know they were that bad. Time to figure something else out.
     
  8. Stev

    Stev Active Member

    Joined:
    Mar 12, 2004
    Messages:
    11,409
    Likes Received:
    0
    use PHPbb... well established and there is gobs of support on their website.
     
  9. unrealii

    unrealii professor of plant biology

    Joined:
    May 6, 2001
    Messages:
    2,037
    Likes Received:
    0
    Location:
    So CALI
    I looked at phpbb. I am having trouble trying to figure out if it has a website package with it or not?
     

Share This Page