Thread: My site is being hacked form the tmpl_dfl folder

Hi there,
my hosting provider is sending me a warning that myr account is running scan scripts and attacking other servers.

On further investigation the attack comes form the /templates/tmpl_dfl/scripts/ folder, possibly index.php file being used by hackers.

Permissions on all folders in thye site are set to 755, register_globals are set to OFF.

And on the top of it, I am not using the defualt template, I am using the Pioneer one.

Any ideas ? My hosting provider has removed the scripts folder from the tmpl_dfl folder, and the script still works.

Any ideas or comments ? This is quite urgent.

I am using GPLDATE rev. 39, based on Dolphin 5.3

Thank you,

Luc

Did you host backup the /templates/tmpl_dfl/scripts/ folder before deleting it so it can be looked at?

Smoge

Yes, they did, I have the folder. I can zip it. Where can I send it ?

Thank you,

Luc

My signature contains an email link.

Smoge

Hi Smodge, I have sent you the "scripts" folder ...

Any update, anything detected ?

Thank you,

Luc

I have lost my hosting sponsor partner when i use Gpl date ... :S:S

I get message from hostnig administrator, "my site is send automatically spam message and attacking other servers ...

Sorry for my english but delete GPL date and install other script ...

yes, same thing here, however there should be a fix, maybe Smodge will look into that.
To be honest with you, I don't need that many features, just basics, and GPLDate is the best script I found so far, all Dolphins come with full of bugs.

So I am confident that Smodge might find the bug by which it can be hacked from that folder.

Luc

Well - the logs one of you sent were worthless... no information at all.

So - it is still a mystery.

Smoge