Some sob has hacked/defaced my site.
It looks like a redirect but i have no idea how to get rid of the bugger. I`ve only just got my pc back up and running too, as it fell over big time with my mboard and hdd waving goodbye to me, and now i get this. Gahhhhhhhhhhhhh
Yep, you been hacked. But its a server hack, not SMF. Looks like he's replaced your index.php with something else, or just added an index.htm (.htm is before .php when opening the index file). Simply delete [or rename] the file and you should be good to go.
Get your server admin to find how they got in and close the door on them.
Just had a look Paulie. Just delete the index.htm file. The site is still working.
http://www.hamburger-deluxe.co.uk/SMF/index.php?action=forum
Quote from: Paulie on April 29, 2006, 01:28:44 PM
Some sob has hacked/defaced my site.
It looks like a redirect but i have no idea how to get rid of the bugger. I`ve only just got my pc back up and running too, as it fell over big time with my mboard and hdd waving goodbye to me, and now i get this. Gahhhhhhhhhhhhh
Humm , I agree wirh gerrymo, you site has been changed your index.php files (or .htacess file, may be ?)
if you still able to access your server by FTP account then you can change the index.php file in ;)
Paulie it seems to be a redirect hack through TP's shoutbox.
Your site works if no shoutbox is shown as gerrymo showed in
http://www.hamburger-deluxe.co.uk/SMF/index.php?action=forum
If you can go admin mode (it depends if you have bars on or off) disable the shoutbox.
http://www.hamburger-deluxe.co.uk/SMF/index.php?action=admin
You can also see your site if you disable Java in the browser.
Go to Security update for TP 0.8.6! (http://www.tinyportal.net/smf/index.php?topic=4440.0) download the update and upload it to your server overwriting the old files.
Then you can turn on back the shoutbox.
It seems now that you have replaced the index.php without modifications for TP.
Did you overwrite the old index.php or just renamed it? Do you have a backup of it?
Well i just uploaded the two patches into my "Sources" folder and now i cant even get into admin :(
Fatal error: Call to undefined function: tportal_init() in /home/hamburg/public_html/SMF/Sources/Security.php on line 166
If you have a backup stored on the sourse.php and security.php file , try to upload and replace it
Paulie did you change the index.php file BEFORE uplloading the update?
It seems like it is an index.php without TP, while the rest are OK.
I had been able to see the hack and your forum working and that you had TP .86 before starting writing my first message. When finished I saw the forum and an error from load.php.
G6 I don' t think the problem is in these files. They just try to find TP functions in index.php and can't.
Yes, i just saw that , He should be good to just manually put in the TP codes in the index.php file so it loads up.
Quote from: agridoc on April 29, 2006, 03:31:55 PM
Paulie did you change the index.php file BEFORE uplloading the update?
It seems like it is an index.php without TP, while the rest are OK.
I had been able to see the hack and your forum working and that you had TP .86 before starting writing my first message. When finished I saw the forum and an error from load.php.
No i just uploaded the files.
But my host is going to do a back up for me so, i should be ok lol
Paulie try this index.php file and see if it works for you
Quote from: G6 on April 29, 2006, 03:37:09 PM
Yes, i just saw that , He should be good to just manually put in the TP codes in the index.php file so it loads up.
Manual :o oooh thats scarey stuff.
Ok hold on ;)
There you go :)
Nice and good looking with the portal active again :)
Done, thank you for the helping hand. Do i still need to upload the new patches?
I think it's better to be safe than sorry, so yes :)
And can you activate me there ;)
G6 the index.php you sent has the arcade game mod installed. I just did an ASCII compare. I don' t remember if Paulie had .1.1 RC2, I just saw TP which was important to exist for the hack to work.
Paulie if the site works OK I can send you a copy without this mod. Just tell me what SMF version is installed.
I had RC2
I just gave him my index.php to see if it workes to get the blocks back ;)
Paulie this is like the one G6 sent to you without the game arcade mod.
Let me just upload the two patches again, and i`ll report back ;)
Ok thanks, i`ll do that now.
Or just remove those two lines
'arcade' => array('Arcade.php','Arcade'),
'arcadeadmin' => array('ArcadeAdmin.php', 'ArcadeAdmin'),
//---Start--Erics IPB Game Mod------------------------------
if ((isset($_REQUEST['act']))&&($_REQUEST['act']=='Arcade'))
{
$_REQUEST['action']='arcade';
}
//---End--Erics IPB Game Mod---------------------------------
//---Start--Erics IPB Game Mod------------------------------
if ((isset($_REQUEST['act']))&&($_REQUEST['act']=='Arcade'))
{
$_REQUEST['action']='arcade';
}
//---End--Erics IPB Game Mod---------------------------------
There are a few more differences G6, however Paulie has got it working so details can be found later.
(OK now you corrected it)
He will be quite happy now, I believe ;)
All done, thanks peeps.
Now i just have to figure out how to get you registered G6 lmao. I haven`t done this for a while.
Paulie are you sure you had not changed index.php before the security update upload?
It' s important to know, so far those hacks did only redirection.
Admin/members/ and in the bar you have activation ;)
No, i uploaded the index.php then the two patches.
Quote from: G6 on April 29, 2006, 04:01:51 PM
Admin/members/ and in the bar you have activation ;)
That`s it lol, i can never remember that one. You`re in, mail sent etc.
Thank you paulie :)
I see that you dont have the shoutbox up and running Paulie ?
No worries, maybe i can get to try out some Swedish recipes ;)
Quote from: G6 on April 29, 2006, 04:06:49 PM
I see that you dont have the shoutbox up and running Paulie ?
Lmao i got scared and turned it off
On now
You can turn it on now Paulie if you applied the patch.
You will see the redirection hack with tags stripped.
You will probably see who sent it.
I was just wondering if you havent had that going on your site, how did they manage to hack it ???
But if you turned it off now that explain it i guess :)
Lol yeah i had it up and when i actually got in a cleared it i could see the redirect, so the first thing i did was turn it off.
Paulie I saw from the message of G6 that members need activation by the administrator, did you allow guests shout?
Quote from: agridoc on April 29, 2006, 04:21:17 PM
Paulie I saw from the message of G6 that members need activation by the administrator, did you allow guests shout?
Yeah i guess i should turn that off too eh.
hmmm... so turn off shoutbox as its a security risk ???
Why do ppl have to disrupt everything just because they can. There is nothing safe anywhere in the world anymore. A world where Trust and ignorance gets you into so much trouble. and all the others do is laugh that they've caused aso much Havoc they don't care so long as they are having a good time.. in our case its the Cyber Vandals thats the problem.. not the ppl who hack systems and sites for a living.. just kids out for a good time, who read in the internet or were told by a friend how to disrupt particular web site constructs. and its the same no matter what you use. if you can build it they can break it..
Moral: Always Keep Backups and even Backups of your Backups
Bluesteel Bloc has fixed the shoutbox vulnerability already, you can get the updates from this thread (http://www.tinyportal.net/smf/index.php?topic=4440.0). Also if you are still worried then just make sure that you do not have your permissions set to allow guests to shout.
Wolfenrook.
I did have backups, but they were on my hdd that got fried. But that`s another story ;)
oh my im so sorry for u
I hope everything works out for u!
Thanks, yeah i think i`m all back to normal (or a normal as i can be ;)). Couple of things to get sorted, but other than that.
yea i signed up :D hehe
Cool, have fun ;)