
Geeklog Forums




My Website has been hacked, tor.id.au

I think it is a server exploit because several sites on the same server have been hacked.

It seems that only the index.php files have been affected.

example domainname.com/index.php

and domainname.com/forum/index.php

Is it possible to get a copy of all the index.php files that I need to get Geeklog up and running again?

I am running ver 1.5.1



Site Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
All the old versions are still available from our downloads section. But you need to make sure that you get the exact same version you were running on, or you may run into inexplicable problems (if you mix files from different versions). You may want to consider upgrading to the latest version, while you're at it.

bye, Dirk


I have confirmed that the hack was to do with the server and not Geeklog.

In relation to upgrading, I recently attempted an upgrade that only ended in tears.

The problem may have something to do with the directory where it is installed.

On my site I have installed Geeklog into the public_html dir.

When I uncompressed the latest Geeklog download there was a dir called public_html in the archive.

Can you tell me, if I have Geeklog installed in the public_html dir, where should I upload the latest Geeklog folder to?

Should I have Geeklog in the parent dir (/home/tor) or should I continue with where it is?

I did get the latest release to work for a few seconds, then it crashed and I reverted to a saved copy (saved with CPanel).

Or I could pay someone to upgrade it if you know who would do it.


Site Admin
If you already have a public_html directory, then everything from Geeklog's public_html should go into that directory and everything else should go outside of that (up one directory level). There's an illustration on the wiki that may help.

If you can't figure it out yourself, there are some people offering Paid Support.

bye, Dirk


Is it possible to set up a new installation of Geeklog under a new domain name and just upload the current database?


The attack changed all of the index.* files.

I have manually changed most of them, I am having trouble finding the right file to change on this page http://tor.id.au/forum/index.php

I have viewed the page source but I cannot seem to find what I am looking for.

There is an "index.*" file that needs to be replaced somewhere. Can you see where that file may be or what file the Forum may be calling?


Site Admin
Quote by: Tor

I have manually changed most of them, I am having trouble finding the right file to change on this page http://tor.id.au/forum/index.php

Since it only happens in the forum, it's either one of the forum template files or one of the forum *.php files.

bye, Dirk


Site Admin
Quote by: Tor

Is it possible to set up a new installation of Geeklog under a new domain name and just upload the current database?

Yes, that's what the new Migrate option in the install script in Geeklog 1.6.0 is for.

bye, Dirk


The site was HACKED BY iskorpitx (Turkish Hacker)

The attack also affected homepage.*

After several hours I managed to replace most of the files.

Unfortunately I only have about ten other sites to fix....



I just read your post. I have been informed of this through my server who has upgraded their security.
Apparently some hackers are getting in through many PC viruses circulating that steal passwords stored within FTP clients. I just thought I would mention it.
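
An added example, not part of the thread or Geeklog's own code: one way to find which index.* and homepage.* files were altered is to hash them against a freshly unpacked copy of the exact release the site runs (1.5.1 in this thread, following the advice above about not mixing versions). The two directory arguments and all function names are assumptions made for illustration.

```python
import fnmatch
import hashlib
import sys
from pathlib import Path

# File-name patterns the thread reports as overwritten by the defacement.
PATTERNS = ("index.*", "homepage.*")

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def matching_files(root):
    """Map relative path -> SHA-256 for every file whose name matches PATTERNS."""
    root = Path(root)
    found = {}
    for p in root.rglob("*"):
        name = p.name.lower()
        if p.is_file() and any(fnmatch.fnmatch(name, pat) for pat in PATTERNS):
            found[p.relative_to(root).as_posix()] = sha256_of(p)
    return found

def compare_trees(clean_root, live_root):
    """Compare the live web root against a clean copy of the same release."""
    clean = matching_files(clean_root)
    live = matching_files(live_root)
    return {
        # Same path in both trees, different content: restore from the clean copy.
        "modified": sorted(r for r in clean if r in live and live[r] != clean[r]),
        # Shipped in the release but absent from the live site.
        "missing": sorted(r for r in clean if r not in live),
        # Present only on the live site: review by hand before trusting.
        "unexpected": sorted(set(live) - set(clean)),
    }

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py <clean public_html> <live public_html>")
    for kind, paths in compare_trees(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind:10} {rel}")
```

Files reported as unexpected are not necessarily malicious: anything installed separately from the archive you compared against will show up there and needs checking against its own original.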

