Comments on Server Hacked
Member
Usergroup: Customer
Joined: Jan 20, 2006
Total Topics: 11
Total Comments: 26
Hi,
My site is on a shared server and there was a server wide hack by someone that I would like to kill.
The hack has left my gallery in a bit of a state but everything is still there in place on the server. I think all it would take is to install the gallery again but I'm unsure what to install/overwrite because I don't want to lose any of the pics etc. Some of the things gone wrong is now on every page I see this instead of the title: {LANG_NAVORIGIN} and on the admin side I can still see the menu on the left but in the main frame I'm just getting a message from the person who hacked. Also on the admin side in the Language Misc/All I get this:
{LANG_HACKED BY AL-W7SH-ALKASER \\ N-N5@HOTMAIL.COM} I've tried deleting it but it will not go.
It also affected my WSN Guestbook, everything is still in place on the server but I can't access the control panel, what to install and overwrite?
Any help would be appreciated, thanks,
Paul
Member
Usergroup: Customer
Joined: Jan 20, 2006
Total Topics: 11
Total Comments: 26
Ok I have installed the latest version of the gallery 2.3.6 in the hope it would overwrite the old one and with it anything that was affected by the hack.
Nothing has improved though:
On the admin side drop down menus are not giving me the choice of 'Yes or No'
It is just blank.
In the Customizations>language>Misc./All
I am getting this which will not delete:
Hacked By Al-w7sh-Alkaser \\\ n-n5@hotmail.com:
{LANG_HACKED BY AL-W7SH-ALKASER \\ N-N5@HOTMAIL.COM}
[Delete]
it appears above this:
charset:
{LANG_CHARSET}
[Delete]
email_emaillinkbody:
{LANG_EMAIL_EMAILLINKBODY}
[Delete]
The pagination on the site itself is still not right. The index page is known
as {LANG_NAVORIGIN} where other pages link to it so it looks something like:
{LANG_NAVORIGIN} | Page One | Page Two
{LANG_NAVORIGIN} appears at the very top of the browser on every page where
'Gallery - Page One' used to be.
Can someone please help. Everything is still there in place and the appearance
and style of the site which also was affected is not right (I can fix that myself) I am sure there is probably a simple fix I just don't know what.
Thanks
Paul
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
It's language which they modified, which means the file(s) in your /languages/ directory. On upgrades your old language is normally retained, so you'll need to overwrite it with the file from /languages/setup/. You'll have to redo your language customizations after this of course, if you had any.
You should scan any 777 directories such as /attachments/ for suspicious files such as php files which the hacker could use to keep control, though the nature of the defacement looks more like a kid who wouldn't bother.
It also affected my WSN Guestbook, everything is still in place on the server but I can't access the control panel, what to install and overwrite?
WSN Guest was written many years ago and had the language in the database, unfortunately this means it's harder to fix. You could replace the wsnguest_language table in phpMyAdmin with one from a new install. You might also need to overwrite any templates which had been chmoded to be writeable such that the hacker may have changed them.
Also, to avoid the dangers of shared hosting you can get a virtual private server pretty cheap from Tektonic (I previously used them though I've since moved to Liquid Web for faster speed and better support).
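An added example, not part of the developer's reply or of the gallery's own code: a shell function for the scan suggested above, listing files that could execute as PHP inside world-writable directories such as /attachments/. It goes slightly beyond the reply by also flagging .htaccess files and uploads that embed a PHP open tag; the function name and output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Lists files in world-writable
# directories that could run as PHP. Paths with newlines are not handled.
# Usage: scan_writable_dirs /path/to/gallery

scan_writable_dirs() {
    root=$1
    # -perm -0002: the "other write" bit is set (777, 757, 773, ...).
    find "$root" -type d -perm -0002 -print | while IFS= read -r dir; do
        # Direct children only; nested writable directories are matched
        # by the outer find and scanned on their own turn.
        find "$dir" -maxdepth 1 -type f -print | while IFS= read -r f; do
            # Compare extensions case-insensitively (x.PHP, x.PhP).
            lower=$(printf '%s' "$f" | tr '[:upper:]' '[:lower:]')
            case "$lower" in
                *.php|*.php[0-9]|*.phtml|*.phar|*.pht)
                    printf 'SCRIPT_EXT\t%s\n' "$f" ;;
                */.htaccess)
                    # Can remap other extensions to the PHP handler.
                    printf 'HTACCESS\t%s\n' "$f" ;;
                *)
                    # Upload with an innocent extension that embeds PHP.
                    if grep -qiF '<?php' "$f" 2>/dev/null; then
                        printf 'PHP_TAG\t%s\n' "$f"
                    fi ;;
            esac
        done
    done
}
```

Each output line is a lead to inspect by hand; comparing the flagged file against a fresh install of the same version shows whether it belongs there.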
Member
Usergroup: Customer
Joined: Jan 20, 2006
Total Topics: 11
Total Comments: 26
Hi Paul,
That worked for the most part although the hack still shows or is still working when I click on the 'Options' and the 'PM' link on the gallery's members side.
Also when I try to edit 'image details' I get a 406 error, all the others I have tried to edit so far have been successful, it's just the image details one.
Thanks for the tip and links regarding virtual private servers, I will definitely check them out.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
Those don't sound like language issues, so check that the related templates are okay and that the php files are okay.
Looking up 406 errors doesn't suggest anything but that such errors should never show in a browser: http://www.checkupdown.com/status/E406.html