Strange that I was just setting up my files and settings to my prefrences for my site www.semidisturbed.com when suddenly I was hacked?
IR4DEX OWNZ YOU
was the message that is supposivley claiming my hour of hard work not to mention uploading. I am extreamly displeased and am wondering if this could be a bug in the software? Of course mySQL database name and password were easily guessable to the trained hack, but how would anyone know about my database in such a short period of time?
Any help would be appreciated.
Thanks Jay
http://www.semidisturbed.com/index.php
Watch
GitHub Core
Show your support for Zikula! Sign up at Github account and watch the Core project!
GitHub Modules
Forum Activity
- mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 07:01 AM
- mazdev responded to »Pages 2.5.0 and updating - Page not found« 06:41 AM
- ehdwma created topic »Hide "Register new account" and change template to 3 col« 06:27 AM
- mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 01:29 AM
- mdee created topic »How to implement returnpage ?« 01:00 AM
- nestormateo responded to »Fillters in Clip« 24. May
- damon responded to »Can the Updated Version Check be Turned Off (Z 1.3)« 24. May
Zikula Blog
- Anatomy of Open Source Projects on Mar 07
- Continuous Review on Mar 01
- Not Invented Here on Feb 24
- How to Contribute Your Code at Github on Jan 13
- 10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
- Submitting Bug Report Tickets That Get Results on Aug 17
- Cozi Tricks #1: Syntax Highlighting on Aug 07
Login
Hacked! after 2 hours of installing and work?
-
**unknown user**
- Rank: Registered User
- Registered: Mar 16, 2002
- Last visit: Dec 22, 2004
- Posts: 9
Posted: Dec 19, 2004 - 03:04 PM
-
- Rank: Developer
- Registered: Dec 31, 1969
- Last visit: Jun 01, 2010
- Posts: 6859
Posted: Dec 19, 2004 - 05:35 PM
More than likely it was an access guess, or some vunerabilty outside of PostNuke. Contact your host.
--
Home Page | Find on Facebook | Follow on Twitter
-
**unknown user**
- Rank: Senior
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 2204
Posted: Dec 19, 2004 - 06:42 PM
looks like they got ftp access.. -
**unknown user**
- Rank: Registered User
- Registered: Mar 16, 2002
- Last visit: Dec 22, 2004
- Posts: 9
Posted: Dec 19, 2004 - 08:30 PM
none of my other files were changed, just the index.php file. This person must have known what I was installing since the postnuke index.php script had only been in that directory for about 2 hours. If that person would have had access then he could have corrupted more files and most likely would have. I guess my question now is, I reuploaded the old index.php file and it doesn't connect to the database, so is there a way to reinstall the postnuke software keeping what i did unchanged? -
- Rank: Developer
- Registered: Dec 31, 1969
- Last visit: Jun 01, 2010
- Posts: 6859
Posted: Dec 19, 2004 - 08:39 PM
Not nessecarily Defacers don't always destroy everything.
--
Home Page | Find on Facebook | Follow on Twitter
-
**unknown user**
- Rank: Helper
- Registered: Mar 16, 2002
- Last visit: May 09, 2010
- Posts: 872
Posted: Dec 19, 2004 - 10:25 PM
I would say redo everything. Since it was only a two hour job. 2 hour is nothing when you're trying to run a website.
Most likely you signed up with an unreliable webhost or something. It seems that they had FTP access. It could be your username and password for your DB was decoded and IT was the same username and password for your FTP access.
Therefore they got in because of what may be your mistake. -
- Rank: Expert
- Registered: Dec 02, 2002
- Last visit: Apr 30, 2010
- Posts: 1474
Posted: Dec 19, 2004 - 11:23 PM
JAMSKAWITZ
none of my other files were changed, just the index.php file.
Normally hacking Postnuke is done to the database and not the physical files themselves. This to me looks like some kind of problem with the security of your ftp/server being compromised. YOu should ask you host to check the logs and what time the file was changed.
--
-Lobos
Professional PHP Framework Services: Concept, Development and Deployment -
**unknown user**
- Rank: Helper
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 877
Posted: Dec 20, 2004 - 03:46 AM
I've had virtual hosts where I log onto my account via ftp and find myself in another customer's files. Needless to say, I cancelled quickly, but I've seen crap like that before so its not a big surprise. -
**unknown user**
- Rank: Registered User
- Registered: Mar 16, 2002
- Last visit: Dec 22, 2004
- Posts: 9
Posted: Dec 20, 2004 - 04:48 AM
Well well, anyone know of a good host that is fast, reliable and has lots of space. yes, a host that has it all. Thanks gents -
- Rank: Expert
- Registered: Mar 15, 2003
- Last visit: Oct 21, 2009
- Posts: 1221
Posted: Dec 20, 2004 - 05:03 AM
-
- Rank: Expert
- Registered: Dec 02, 2002
- Last visit: Apr 30, 2010
- Posts: 1474
Posted: Dec 20, 2004 - 05:20 AM
My sig is better (unlimited bandwidth) LOL - First go to webhostingtalk.com and have a look around before making a decision.
--
-Lobos
Professional PHP Framework Services: Concept, Development and Deployment -
- Rank: Developer
- Registered: Dec 31, 1969
- Last visit: Jun 01, 2010
- Posts: 6859
Posted: Dec 20, 2004 - 05:28 AM
Lobos
My sig is better (unlimited bandwidth) LOL - First go to webhostingtalk.com and have a look around before making a decision.
I wouldn't trust an unlimited bandwidth host as far as I could throw one of their racks.
--
Home Page | Find on Facebook | Follow on Twitter
-
- Rank: Expert
- Registered: Mar 15, 2003
- Last visit: Oct 21, 2009
- Posts: 1221
Posted: Dec 20, 2004 - 05:45 AM
And UNMETERED does NOT equal UNLIMITED.
Right from your links Page
Quote
How much traffic can I have?
SYMPTOMS
--------------------------------------------------------------------------------
No symptoms.
SOLUTION
--------------------------------------------------------------------------------
The amount of traffic you can have depends on the amount of bandwidth alloted in the package you choose. All accounts have bandwidth caps on them. The bandwidth limit is set on a MONTHLY basis, so if you reach the limit in 2 weeks, your account may get suspended after those 2 weeks and remain suspended until the following month, unless a special arrangement has been established.
Additional bandwidth can be purchased here: http://midphase.com/add-features.shtml.
Feel free to make additional inquiries via the Help Desk or e-mail.
And additional BW costs 3.75 a GB... OUCH!
--
Zikula Themes -
- Rank: Expert
- Registered: Dec 02, 2002
- Last visit: Apr 30, 2010
- Posts: 1474
Posted: Dec 20, 2004 - 05:51 AM
MMaynard
And UNMETERED does NOT equal UNLIMITED.
http://forum3.midphasetalk.com/showthread.php?t=2649&highlight=unmetered
Of course there is always a catch, but I think they allocate a generous amount as it is and you would be pretty hard pressed to exceed it, unless you were offereing big freebies and had a very, very popular site...
--
-Lobos
Professional PHP Framework Services: Concept, Development and Deployment -
**unknown user**
- Rank: Helper
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 752
Posted: Dec 20, 2004 - 05:52 AM
Quote
I wouldn't trust an unlimited bandwidth host as far as I could throw one of their racks.
LOL!!!!
- Moderated by:
- Support
