Webmastersite.net
Register Log In

my wsnlinks got hacked

Comments on my wsnlinks got hacked

gemini
Forum Regular

Usergroup: Customer
Joined: Oct 30, 2003

Total Topics: 54
Total Comments: 197
gemini
Posted Jul 04, 2006 - 7:23 AM:

I've been using WSNLinks for my full time job as advertisement management for real estate agents... it is not publicly available since it's in a sub-folder and root is password protected (even though the folder is not). Someone changed main.tpl, displaylinks.tpl and wraper.tpl files - added porn links, crap download links.. and javascript at the end of the wrapper to activate a couple of Trojans and download of wmf files... I alarmed my host about it.. not sure what they do at this point, but I cleaned up the tpl files - basically deleted pretty much everything and left only a couple of templates I edited at the beginning and attachment folder - overwritten everything and trying running upgrade.php but it gives me blank page. The application does not work... give me the following messages:


Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 94

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 108
Error: The file /pagination.tpl does not exist.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zaemxlth/public_html/ads/classes/database.php on line 108


Also, any ideas on security of this application? I have project I can not afford this happening and would like to make sure I do everything possible to avoid it. Appreciate any suggestions.
scanreg
Experienced

Usergroup: Customer
Joined: May 23, 2006

Total Topics: 16
Total Comments: 51
scanreg
Posted Jul 04, 2006 - 10:33 AM:

- following is not hack related -

Looked at your site, very nice :-)

Where did you get that U.S. map thing? I could use that for something.

Does it pull up link results per state?

Many thanks smiling face
gemini
Forum Regular

Usergroup: Customer
Joined: Oct 30, 2003

Total Topics: 54
Total Comments: 197
gemini
Posted Jul 04, 2006 - 10:42 AM:

I wasn't talking about the site in the signature.

I don'w want to link to the hacked site since it is not for wide public (company internal use only). I just figured out that every single template was altered with links and javascripts - I assume it was done automatically by a software...

The error messages were appearing on al the pages.... I had to remove the whole application and reinstall it again. The good this is - the data base was not touched.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Jul 04, 2006 - 1:35 PM:

If you read the pinned thread you'd know I will not comment on your mysql warnings because I'm not a psychic.

There was a security issue with setup.php in 3.3.20 and previous versions. Since you haven't given me any information whatsoever, naturally I will never be able to tell you if that's what the hacker used. If you can't provide me the vector of attack from the server log then naturally I can't confirm its existence or fix it.

You should be sure your host is using a secure PHP version, that magic_quotes is on and that fopen url wrappers are disabled (at least in php4 there was an issue with them which caused hosts to go with curl instead).
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



This thread is closed, so you cannot post a reply.