Posted on: 09/19/07 06:51am
By: nanvr
Hello. The site won't even come up. Please advise what to do.
GreenlandPines.com[*1] Greenland Pines.com . I don't even know where to begin. Thank you. This is a school website. Who, in their right mind would want to attack school kids? Oh for goodness sake!
I would appreciate any help you can offer. thank you.
Re: Worm Problem
Posted on: 09/19/07 07:19am
By: Dirk
The site does come up, but redirects to somewhere else. Before it does, this can be seen at the top of the browser window:
Warning: Cannot modify header information - headers already sent by (output started at /home/cougar/public_html/config.php:763) in /home/cougar/public_html/system/lib-sessions.php on line 188
Warning: Cannot modify header information - headers already sent by (output started at /home/cougar/public_html/config.php:763) in /home/cougar/public_html/system/lib-sessions.php on line 200
My guess is that someone modifed lib-sessions.php and inserted some code there that does the redirect.
So, first step, replace lib-sessions.php with the original version. That should hopefully fix that.
Next step, upgrade that site to the lasted 1.3.11 version. It's on 1.3.11sr1, apparently, and that version is known to have security issues.
And after that, password-protect the system, plugins, logs, and all the other directories that should not have been in public_html in the first place ...
bye, Dirk
Re: Worm Problem
Posted on: 09/19/07 02:15pm
By: Anonymous (ironmax)
nanvr,
I did a drive by into that irc chat room and sure enough, someone there did it. They were talking about all their accomplishments that they had done. Some of them were asking a ransom on a site that they had just done. So I can sympathize with you on getting hacked. Like dhaun had said, the best thing you can do is update/upgrade your site and plug the holes on how they got in.
Michael