Welcome to Geeklog, Anonymous Thursday, December 08 2022 @ 02:04 pm EST

Geeklog Forums

Site hacked and used for spamming

Status: offline


Forum User
Registered: 12/03/03
Posts: 41
You were quoted as saying before...

I would actually worry more about the directories than about config.php. The backups directory invites anyone to download database backup (if they can guess or somehow find out the file name), the systems and plugins directories may contain files that could be used for spamming or even hacking your site, ... config.php is only at risk in case of a server misconfiguration.

Last night my server was used for spamming and I'm assuming that it was from a improperly installed geeklog site... beside fixing those installs . Is there anything in particular to look at that still might be left behind from the original exploit.. is there passwords that should be changed or anything? Basically once the site has been hacked is it safe once the reinstall has happened.


Status: offline


Site Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Using the site "only" for spamming doesn't require any hacks, if Geeklog wasn't installed properly. Check the webserver's logfiles for requests to files that are normally located outside of public_html.

If the site was hacked, check for files that shouldn't be there, i.e. are not part of Geeklog. Those are often "PHP shells" that allow execution of Unix commands from the browser.

As for accounts, change the passwords on all admin accounts and check if any other users suddenly have admin access (from the list of groups, use the list icon in the second but last column to see who's a member of a certain group).

bye, Dirk

All times are EST. The time is now 02:04 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content