I've been using WSNLinks for my full-time job as advertisement management for real estate agents... it is not publicly available since it's in a sub-folder and root is password protected (even though the folder is not). Someone changed the main.tpl, displaylinks.tpl and wrapper.tpl files - added porn links, crap download links.. and javascript at the end of the wrapper to activate a couple of Trojans and download of wmf files... I alarmed my host about it.. not sure what they do at this point, but I cleaned up the tpl files - basically deleted pretty much everything and left only a couple of templates I edited at the beginning and the attachment folder - overwrote everything and tried running upgrade.php but it gives me a blank page. The application does not work... it gives me the following messages:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 94
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 108
Error: The file /pagination.tpl does not exist.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 108
Also, any ideas on the security of this application? I have a project where I cannot afford this happening and would like to make sure I do everything possible to avoid it. I'd appreciate any suggestions.
Comments on my wsnlinks got hacked
Experienced
Usergroup: Customer
Joined: May 23, 2006
Total Topics: 16
Total Comments: 51
- following is not hack related -
Looked at your site, very nice :-)
Where did you get that U.S. map thing? I could use that for something.
Does it pull up link results per state?
Many thanks
Forum Regular
Usergroup: Customer
Joined: Oct 30, 2003
Total Topics: 54
Total Comments: 197
I wasn't talking about the site in the signature.
I don't want to link to the hacked site since it is not for the wide public (company internal use only). I just figured out that every single template was altered with links and javascripts - I assume it was done automatically by a software...
The error messages were appearing on all the pages.... I had to remove the whole application and reinstall it again. The good thing is - the database was not touched.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
If you read the pinned thread you'd know I will not comment on your mysql warnings because I'm not a psychic.
There was a security issue with setup.php in 3.3.20 and previous versions. Since you haven't given me any information whatsoever, naturally I will never be able to tell you if that's what the hacker used. If you can't provide me the vector of attack from the server log then naturally I can't confirm its existence or fix it.
You should be sure your host is using a secure PHP version, that magic_quotes is on and that fopen url wrappers are disabled (at least in php4 there was an issue with them which caused hosts to go with curl instead).
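An added example (not part of the thread and not WSN code): one way to pull the evidence the developer asks for out of a web server access log, by listing requests for setup.php in the hours before the templates were changed. It assumes Apache "combined" log format; the log lines, IP addresses, query string and tamper time are constructed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/2007:08:15:02 +0000] "GET /ads/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Mar/2007:13:00:00 +0000] "GET /ads/setup.php HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.7 - - [12/Mar/2007:02:41:10 +0000] "GET /ads/setup.php HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.7 - - [12/Mar/2007:02:41:12 +0000] "POST /ads/setup.php?placeholder=1 HTTP/1.1" 200 884 "-" "-"',
]
# Assumed: earliest modification time seen on the altered .tpl files (constructed).
TAMPERED_AT = datetime(2007, 3, 12, 3, 0, 0, tzinfo=timezone.utc)

def setup_hits(lines, tampered_at, window_hours=24, script="setup.php"):
    """Group requests for `script` in the window before tampered_at by client IP."""
    start = tampered_at - timedelta(hours=window_hours)
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Match on the file name only, so a query string cannot hide a hit.
        filename = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if filename == script and start <= ts <= tampered_at:
            hits[m["ip"]].append(
                (ts.isoformat(), m["method"], m["path"], int(m["status"]))
            )
    return dict(hits)

if __name__ == "__main__":
    for ip, requests in setup_hits(SAMPLE_LOG, TAMPERED_AT).items():
        print(ip)
        for entry in requests:
            print("   ", *entry)
```

The matching raw log lines, together with the installed version number, are the kind of detail that lets a maintainer confirm or rule out a specific entry point.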