Jump to content

Hacked...


mbakshi
 Share

Recommended Posts

Well, for the second time this year, my site (techautos.com) was hacked on June 8 using what seems like some kind of SQL Insertion bug in PHP-Nuke.

 

The issue is that when you go to any page, the correct page title shows up, but nothing else.

 

I checked the authors table with phpMyAdmin and sure enough, there was an unwanted, new entry.

 

Here's the information I have on the script kiddies who did this:

 

kiegera Goda r00t_System@hush.com d074ae22efc470558775a20cbe956c5e
Collected from other sites these guys have compromised:

 

r00t_System

 

by : AFROM4N

 

nos somos :

 

Spofs , ownz_ , Kieger , MC_KiNNeY

 

irc.brasnet.org #ry afrom4n@hotmail.com

 

So anyway, I deleted the extra entry from the authors table. However, the site itself is, of course, not working. So I talked with some people on the NukeCops forums, and they basically said there's no way to fix it as the issue (assuming it was indeed a SQL Insertion attack) could be anywhere in the database. They said basically just restore it from your latest database backup.

 

Problem is...I've been really busy over the last few months, so my last DB backup was from January of this year.

 

So I uploaded this DB backup from January as another database, then table-by-table, I manually updated it with all the changes (new articles, members, forum posts, etc.) that have taken place since then - using phpMyAdmin from cpanel.

 

So then I went to check something out - in the cpanel file manager, I went to config.php to update it to the name of the new database. Then I clicked save, and when I got back to the file/directory listing, it said config.php size was 0 (empty). When I clicked edit again, there was nothing there. I tried again - same thing. I tried to delete it, then created a new file, named it config.php - but same thing again.

 

Then the Trash bin stopped working. Whenever I delete something, it disappears from the directory listing, but under trash can image, where the list of trash files should be, I instead get this:

 

Unable to change directory to /home/techaut/.trash! You do not seem to have access permissions! (System Error: No such file or directory)

 

This was quite puzzling - now I'm in even more of a mess. Can anyone help out?

Link to comment
Share on other sites

Also, you need to check the security forums on nukecops and install ALL of the fixes. You should also run protector or admin secure on your nuke site, either of them will block common hack attempts and e-mail you all of the info for the suspected hacker. Open a support ticket and we can restore the site from the latest weekly back up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...