Subject: Hacked

Posted on: 27/08/09 09:08am
By: Anonymous

Hi,

My Website has been hacked, tor.id.au

I think it is a server exploit because several sites on the same server have been hacked.

It seems that only the index.php files have been effected.

example domainname.com/index.php

and domainname.com/forum/index.php

Is it possible to get a copy of all the index.php files that I need to get geeklog up and running again ?

I am running ver 1.5.1

Re: Hacked

Posted on: 27/08/09 09:32am
By: Dirk

All the old versions are still available from our downloads section. But you need to make sure that you get the exact same version you were running on, or you may run into unexplicable problems (if you mix files from different versions). You may want to consider upgrading to the latest version, while you're at it.

bye, Dirk

Re: Hacked

Posted on: 27/08/09 10:15am
By: Anonymous

I have confirmed that the hack was to do with the server and not geeklog.

In relation to upgrading, I recently attempted an upgrade that only ended in tears.

The problem may have somthing to do with the directory where it is installed.

on my site I have installed Geeklog into the public_html dir

When I uncompressed the latest geeklog download there was a dir called public_html in the archive.

Can you tell me if I have geeklog installed in the public_html dir where should I upload the latest geeklog folder to ?

Should I have geeklog in the parent dir (/home/tor) or should I continue with where it is ?

I did get the latest release to work for a few seconds then it crashed and I reverted to a saved copy (saved with CPanel)

Or I could pay someone to upgrade it if you know who would do it.

Re: Hacked

Posted on: 27/08/09 10:36am
By: Dirk

If you already have a public_html directory, then everything from Geeklog's public_html should go into that directory and everything else should go outside of that (up one directory level). There's an illustration on the wiki that may help.

If you can't figure it out yourself, there are some people offering Paid Support.

bye, Dirk

Re: Hacked

Posted on: 27/08/09 11:28am
By: Anonymous

Is it possible to set up a new installation of geeklog under a new domain name and just upload the current database ?

Re: Hacked

Posted on: 27/08/09 12:15pm
By: Anonymous

The attack changed all of the index.* files.

I have manually changed most of them, I am having trouble finding the right file to change on this page http://tor.id.au/forum/index.php

I have viewed the page source but I cannot seem to find what I am looking for.

There is an "index.* file that needs to be replaced somewhere can you see where that file may be or what file the Forum may be calling ?

Re: Hacked

Posted on: 27/08/09 02:02pm
By: Dirk

Quote by: Tor

I have manually changed most of them, I am having trouble finding the right file to change on this page http://tor.id.au/forum/index.php


Since it only happens in the forum, it's either one of the forum template files or one of the forum *.php files.

bye, Dirk

Re: Hacked

Posted on: 27/08/09 02:03pm
By: Dirk

Quote by: Tor

Is it possible to set up a new installation of geeklog under a new domain name and just upload the current database ?


Yes, that's what the new Migrate option in the install script in Geeklog 1.6.0 is for.

bye, Dirk

Re: Hacked

Posted on: 27/08/09 02:51pm
By: Anonymous

The site was HACKED BY iskorpitx (Turkish Hacker)

the attack also effected homepage.*

After several hours I managed to replace most of the files.

Unfortunately I only have about ten other sites to fix.... javascript:emoticon(':banghead:'Wink

Re: Hacked

Posted on: 19/02/10 09:30pm
By: Anonymous

Hi,

I just read your post. I have been informed of this through my server who has upgraded their security.
Apparently some hackers are getting in through many PC viruses circulating that steal passwords stored within FTP clients. I just thought I would mention it.

:twocents:

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=88319