Welcome to Geeklog Tuesday, June 25 2019 @ 11:44 pm EDT

Geeklog Forums

Site hacked and used for spamming


Imaginate

Forum User
Chatty
Registered: 03/12/03
Posts: 41
You were quoted as saying before...

I would actually worry more about the directories than about config.php. The backups directory invites anyone to download database backup (if they can guess or somehow find out the file name), the systems and plugins directories may contain files that could be used for spamming or even hacking your site, ... config.php is only at risk in case of a server misconfiguration.

----------------------
Last night my server was used for spamming and I'm assuming that it was from an improperly installed Geeklog site... besides fixing those installs, is there anything in particular to look at that still might be left behind from the original exploit? Are there passwords that should be changed or anything? Basically, once the site has been hacked, is it safe once the reinstall has happened?

Garnet

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location: Stuttgart, Germany
Using the site "only" for spamming doesn't require any hacks, if Geeklog wasn't installed properly. Check the webserver's logfiles for requests to files that are normally located outside of public_html.

If the site was hacked, check for files that shouldn't be there, i.e. are not part of Geeklog. Those are often "PHP shells" that allow execution of Unix commands from the browser.

As for accounts, change the passwords on all admin accounts and check if any other users suddenly have admin access (from the list of groups, use the list icon in the second but last column to see who's a member of a certain group).

bye, Dirk
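
The log check described in the reply above, as an added example that is not part of the original post and is not Geeklog code: it scans web server access-log lines for requests that reached paths which belong outside public_html. The directory names follow the thread; the "combined" log format, the sample lines and the file names in them are constructed assumptions.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

# Names from the thread that belong outside public_html (an assumption: adjust to your install).
PRIVATE_NAMES = {"backups", "system", "plugins", "config.php"}

# Apache/nginx "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def private_hits(lines):
    """Return (ip, time, method, path, status, served) for requests touching PRIVATE_NAMES."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP noise
        # Drop the query string, decode %xx, collapse // and ../ so variants still match.
        raw = unquote(m["target"].split("?", 1)[0])
        path = normpath("/" + raw.lstrip("/"))
        if {seg.lower() for seg in path.split("/")} & PRIVATE_NAMES:
            status = int(m["status"])
            served = 200 <= status < 300  # 2xx: the server answered instead of refusing
            hits.append((m["ip"], m["time"], m["method"], path, status, served))
    return hits

def served_by_ip(hits):
    """Count successful (2xx) private-path requests per client address."""
    return Counter(h[0] for h in hits if h[5])

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jun/2019:22:10:01 -0400] "GET /geeklog/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [24/Jun/2019:22:14:37 -0400] "GET /geeklog/backups/example_backup.sql HTTP/1.1" 200 734003 "-" "-"',
    '198.51.100.23 - - [24/Jun/2019:22:15:02 -0400] "POST /geeklog//system/example.php?x=1 HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.50 - - [24/Jun/2019:22:20:11 -0400] "GET /geeklog/config.php HTTP/1.1" 403 199 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in private_hits(SAMPLE_LOG):
        print(*hit)
    print(served_by_ip(private_hits(SAMPLE_LOG)))
```

Any hit with a 2xx status means the path is reachable from the web and the install layout needs fixing; refused requests (403/404) still show which addresses were probing.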
