View Full Version : Hacked?
October 20th, 2008, 12:10 AM
I went to my site today and it was completely down. White screen and that's it.
I was able to log into the site via ftp and found a bunch of php scripts that should not have been there. They were named date.php, links.php. includes.php, package.php, remote.php, etc.. I found them in the uploads, images, data and pretty much every directory. They all had the same contents pretty much:
I didnt put all of the string in the decode area since it would take up many lines.
I cannot get my site to come back up. I checked the db and it seems OK. I changed all of my passwords. I re-uploaded my files and still nada.
Any suggestions or knowledge of this type of thing?
October 20th, 2008, 07:17 AM
I would not think they hacked your photopost directory what they did is find a hole somewhere in your site if your using vb its usually in some hack for vb which usually has security holes and then what they do is scan your entire web root and place those types of hack files in any directory you have set to 777 permissions.
October 20th, 2008, 10:53 AM
The only thing my site is running is PhotoPost, I do not have a message board on the site.
Any ideas how I can get my site back?
Any suggestions on how to prevent anything like this in the future?
October 21st, 2008, 10:36 PM
Please, ideas anyone? Do I just have to re-install? How can I avoid this in the future?
I downloaded the latest version but I am not sure how to go about restoring my site. I uploaded all of my original files but I still get a white page so using the upgrade.php will most likely not work.
October 22nd, 2008, 06:44 AM
I would suggest wiping your drive of any files that are not suppose to be there. Change all your passwords. Reupload your photopost files and of course if your not using the same version you need to reinstall/upgrade. You also need to make sure in Photopost your placing the proper new access information to access the database since you changed things.
October 26th, 2008, 12:48 AM
Chuck- I went through all of my directories on my server and cleared out everything that should not have been there. I then uploaded all of my files and I still cannot get the site up. The closest thing I have had was a recursive loop of the page loading the header.
I need some major help restoring my site. Anyone?
October 26th, 2008, 10:42 AM
Have you tried rerunning the install script to reinstall and straighten out any problems?
October 26th, 2008, 12:59 PM
Chuck- Unfortunately I do not have the original install script for 5.3 (the version I was running) since I paid for you guys to do the upgrade for me. I was going to update to the latest version when this happened.
Is there somewhere I can download the 5.3 package?
October 26th, 2008, 04:58 PM
No sorry all you can do is download 6.2 run the install script and then the upgrade script and select the 5.3 to 6.2 upgrades and see if this fixes things.
October 26th, 2008, 05:36 PM
Tried it and now all I get is a PhotoPost Pro banner.
Check it out:
My Fishing Pics - Main Index (http://myfishingpics.com/photopost48c/index.php)
October 26th, 2008, 05:56 PM
You can though an install and an upgrade?
You need to check to ensure any hacked stuff is gone and you have uploaded all the Photopost files.
I mean your page is printing completely as in I see a header and footer you just have nothing in between.
The only thing in your settings I see wrong is you have a double slash after your main url
Can you login or get to an admin panel?
My Fishing Pics - Login (http://myfishingpics.com/photopost48c/adm-index.php)
October 26th, 2008, 08:53 PM
Nope, cannot login. I do not even see a footer, just the PhotoPost Pro banner.
I went through the server and deleted anything that should not be there then uploaded the new files. The only directory that I did not delete is my data directory ince all of the photos are there.
October 27th, 2008, 02:01 AM
.htaccess?.. just thought.
October 27th, 2008, 06:21 AM
Photo Sharing Gallery by PhotoPost
Copyright © 2007 All Enthusiast, Inc.
No portion of this page, text, images or code, may be copied, reproduced, published or distributed in any medium without the expressed written permission of the copyright holder.
You do have a footer
You can send us ftp information through the contact us link above to look at whats left.
October 27th, 2008, 10:34 AM
I had found & removed a bunch of .htaccess files that this SOB placed in all of my directories but things still won't come back up.
Chuck - I sent you an email via the contact link.
October 27th, 2008, 06:23 PM
Okay i will take a look
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.