I've just been hacked. When going to my URL, the hacker's page displays. HostforWeb fixed it by reloading all files, except the databases, from yesterday's backup.
Any suggestions on how to prevent this in the future?
Last edited by Boss; 12-23-2006 at 12:45 AM.
What version is running on your site?
Is your register_globals off?
Boss, this is no good. Can you please post more details?
What version are you running?
What mods have you installed, and any changes?
Also, you should get your server logs and send them to the admin here so they can see how they got in and can then shut the door.
What you have just done to repair your site is a waste of time and YOU WILL be hacked again, as you have not fixed where they got in.
Also, go through every folder and file and make sure they have not left anything behind (folder, file). 9 out of 10 times they have, and will be able to get back in using what they have left behind, even if you have closed the hole they first used to get in.
2 in 2 days: posts made about being hacked but with no details on how. This is rubbish.
I haven't found the problem. I was hoping someone else was aware of this hack and knows how to stop it recurring.
I'm using Aedating 4.1. I've made some mods but nothing drastic that I think would be likely to open any holes.
I turned off Globals as soon as Smoge sent his message.
Both the homepage and the URL/admin page came up with the same screen.
I wasn't game to keep the page, but I printed it out and can scan it if someone can tell me how to upload a picture to this forum.
Looks like I'm going to have a long night.
Last edited by Boss; 12-23-2006 at 05:28 AM.
Get hold of your server logs and ask Smoge to have a look at them. That will show where they got in.
I've sent the logs to admin as you suggested, and will look at them myself.
I didn't know they existed - thanks for your suggestion.
I will post anything I learn.
Hi,
You need to fix the damage from the hack... turning off register_globals will not reset your site to "OK" - the damage/changes have already been done!
Quoting Boss: "Both the homepage and the URL/admin page came up with the same screen."
I am not sure why HostForWeb is setting up servers with register_globals on... but the last couple of modmysite users' servers I worked on that were hosted there had register_globals enabled.
The hacks (as RR1024 will tell you) could be from other means, but register_globals being off is a great start.
Other simple steps are to .htaccess your admin directory - many people don't do that.
And run code that has been cleaned up some.... aedating and dolphin tend to be a little "susceptible". GPLdate - perhaps less so - or at least, we care about that aspect of the GPLdate code.
That server is configured a bit differently to help in the security area, both for YOUR site and for the OTHER sites on the server, since if they are hacked and PHPSuExec is not being used, a hacker can use another account on the server to look at your files, including header.inc.php and so on.
Yes - the server logs can be very helpful.... but my guess is, once you clean up the hack and have register_globals off, you will be OK.
With the files cleaned up and register_globals off, are you 100% safe? No.... but I bet it stops.
Smoge
Last edited by Smoge; 09-19-2010 at 04:58 AM.
ModMySite Administrator
Problems? Questions? Need modifications or other help with your site?
Open A Ticket , Send Us An Email Or Give Us A Telephone Call +1 518-632-4152.
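The register_globals risk that Smoge and RR1024 keep coming back to is easiest to see in code. The following is an added example for this thread, not code from AEDating/Dolphin, ModMySite or any poster here: since register_globals was removed in PHP 5.4, the old behaviour is emulated with extract() so the failure mode can be shown next to the hardened pattern. The session key `admin_id` is a hypothetical stand-in, not the script's real one.

```php
<?php
// Added example for this thread; not code from AEDating/Dolphin, ModMySite or
// any poster here. register_globals was removed in PHP 5.4, so the old
// behaviour is emulated with extract() purely to show why it was dangerous.

// Vulnerable shape: $is_admin only ever gets assigned on the success path.
// With register_globals=On, a request such as admin.php?is_admin=1 creates
// that variable before this code runs, so the check passes without a login.
function legacy_admin_check(array $request, bool $emulate_register_globals): bool
{
    if ($emulate_register_globals) {
        extract($request); // what register_globals did for GET/POST/COOKIE data
    }
    $logged_in_as_admin = false; // constructed stand-in for a session lookup that fails
    if ($logged_in_as_admin) {
        $is_admin = true;
    }
    return isset($is_admin) && (bool) $is_admin;
}

// Hardened shape: every control variable starts from an explicit default, and
// request data is only read through the array you mean to trust, so an
// injected parameter has nothing to overwrite.
function hardened_admin_check(array $session): bool
{
    $is_admin = false;
    if (!empty($session['admin_id'])) { // hypothetical session key, not AED's real one
        $is_admin = true;
    }
    return $is_admin;
}

// Quick server-side check for old PHP builds that still carry the setting;
// on modern PHP the option does not exist and this simply reports false.
function register_globals_is_on(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed request carrying the parameter an unauthenticated visitor could send.
$forged = ['is_admin' => '1'];
var_dump(legacy_admin_check($forged, true));   // passes only because of the emulated register_globals
var_dump(legacy_admin_check($forged, false));  // same code with the setting off
var_dump(hardened_admin_check([]));            // no session, no admin
var_dump(register_globals_is_on());
```

On a host that still runs a PHP old enough to have the setting, `php_flag register_globals off` in the site's .htaccess (mod_php) or `register_globals = Off` in php.ini turns it off globally; the hardened function above is the code-level fix that does not depend on the server configuration.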
Thanks Smoge & Smarty - I will implement the fixes.
Here are some important HINTS to help secure your AED / Dolphin Site:
1. Change the name of your admin panel directory, i.e. its default is /admin/; change it to /adminMyDogsName/.
Modify your header.inc.php to allow this.
2. Move all the files in the inc directory except header.inc.php to a directory outside your public html www directory:
home/inc/*.inc.php - all inc files go here except header.inc.php, and the js directory of course.
home/public_html/allAedUserFilesHere
home/public_html/inc/header.inc.php
Now if you really want to screw the stupid ass hackers...LOL, do what I did.... Create a bunch of FAKE php files and dump them into home/public_html/inc/, such as:
design.inc.php with nothing in it
admin.design.inc.php with nothing in it....LOL
It provides hours of fun and laughs..... I even added some code so it would look like they made progress but still got nothing, and it would email me with each attempt and log IP/domain/agent.. LMAO!!!!!
Remove all PHP_SELF references and just use the darn $site[url] . "filename.php".
Sanitize - a simple example.
PHP Code: the AEDating/Dolphin way of securing data to the db... I managed to hack my own admin panel in about 1 hour:
<?php
// Original AEDating/Dolphin helper: only adds slashes when magic_quotes_gpc
// has not already done so (get_magic_quotes_gpc() was removed in PHP 8.0).
function process_db_input( $text, $force_addslashes = 0 )
{
    if ( !get_magic_quotes_gpc() || $force_addslashes ) {
        return trim( addslashes( $text ) );
    } else {
        return trim( $text );
    }
}
Now this is the way I secured it, and I also have the option of using and converting HTML, and I can use this for input and output in most cases:
PHP Code:
<?php
/*
 * functions for input data into database
 * MOD 103 General Sanitize Additions Mod @IntimateAssociates.com
 */
function process_db_input( $text, $strip_tags = 0, $force_addslashes = 0 )
{
    if ( $strip_tags ) {
        // decode entities first so tags written as &lt;script&gt; are stripped too
        $text = strip_tags( html_entity_decode( $text, ENT_QUOTES ) );
    }
    // undo any magic_quotes slashes, then encode quotes and other HTML-significant characters
    $text = htmlentities( stripslashes( $text ), ENT_QUOTES ); # convert quotes
    // escape whatever is left for the SQL string literal; needs an open mysql_* connection
    // (the mysql extension itself was removed in PHP 7.0)
    return mysql_real_escape_string( trim( $text ) ); # convert leftovers
}
Well, hope that helps a little.
Windows defined as 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition.
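The process_db_input() variants above both rely on escaping the text before it is spliced into an SQL string, and the modded one also HTML-encodes the value on the way in, so what is stored is no longer what the user typed. The following is an added example, not code from this thread or from AEDating/Dolphin: it shows the concatenation shape next to a bound-parameter query, with HTML encoding done only at output time. It uses an in-memory SQLite database through PDO so it runs without a MySQL server; the Profiles table and its columns are constructed for the example.

```php
<?php
// Added example; not code from this thread or from AEDating/Dolphin.
// In-memory SQLite via PDO so no MySQL server is needed. Table and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Profiles (ID INTEGER PRIMARY KEY, NickName TEXT, Status TEXT)');
$pdo->exec("INSERT INTO Profiles (NickName, Status) VALUES ('alice', 'active'), ('bob', 'banned')");

// Concatenation shape: whatever escaping helper was (or was not) applied
// upstream, the query itself treats the value as part of the SQL text.
function find_active_profile_concat(PDO $pdo, string $nick): array
{
    $sql = "SELECT ID, NickName FROM Profiles WHERE NickName = '$nick' AND Status = 'active'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound shape: the driver keeps data and SQL separate, so no input-side
// escaping function is needed for the query and the stored text stays raw.
function find_active_profile_bound(PDO $pdo, string $nick): array
{
    $stmt = $pdo->prepare(
        'SELECT ID, NickName FROM Profiles WHERE NickName = :nick AND Status = :status'
    );
    $stmt->execute([':nick' => $nick, ':status' => 'active']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for HTML at output time only, so the database keeps the original text
// and the same value can still be used in email, JSON or plain text unchanged.
function render_nick(string $nick): string
{
    return htmlspecialchars($nick, ENT_QUOTES, 'UTF-8');
}

// Constructed input: a single quote ends the string literal and the trailing
// "--" comments out the Status condition, which is what the thread's escaping
// helpers exist to prevent.
$hostile = "bob' -- ";
print_r(find_active_profile_concat($pdo, $hostile)); // Status filter is lost in the concatenated query
print_r(find_active_profile_bound($pdo, $hostile));  // compared as a literal nickname, so no row matches
echo render_nick('<b>bob</b>'), PHP_EOL;
```

If the site cannot be moved off the mysql_* functions, the same separation still applies: keep htmlentities() out of the storage path, escape only for the SQL literal with an open connection, and encode for HTML where the value is printed.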