Webmastersite.net
Register Log In

Server Hacked

Comments on Server Hacked

Paul Grego
Member

Usergroup: Customer
Joined: Jan 20, 2006

Total Topics: 11
Total Comments: 26
Posted Jul 20, 2006 - 6:54 AM:

Hi,

My site is on a shared server and there was a server wide hack by someone that I would like to kill.
The hack has left my gallery in a bit of a state but everything is still there in place on the server. I think all it would take is to install the gallery again but I'm unsure what to install/overwrite because I don't want to lose any of the pics etc. Some of the things gone wrong is now on every page I see this instead of the title: {LANG_NAVORIGIN} and on the admin side I can still see the menu on the left but in the main frame I'm just getting a message from the person who hacked. Also on the admin side in the Language Misc/All I get this:
{LANG_HACKED BY AL-W7SH-ALKASER \\ N-N5@HOTMAIL.COM} I've tried deleting it but it will not go.

It also affected my WSN Guestbook, everything is still in place on the server but I can't access the control panel, what to install and overwrite?

Any help would be appreciated, thanks,

Paul
Paul Grego
Member

Usergroup: Customer
Joined: Jan 20, 2006

Total Topics: 11
Total Comments: 26
Posted Jul 21, 2006 - 12:10 PM:

Ok I have installed the latest version of the gallery 2.3.6 in the hope it would overwrite the old one and with it anything that was affected by the hack.

Nothing as improved though:
On the admin side drop down menu's are not giving me the choice of 'Yes or No'
It is just blank.

In the Customizations>language>Misc./All
I am getting this which will not delete:

Hacked By Al-w7sh-Alkaser \\\ n-n5@hotmail.com:
{LANG_HACKED BY AL-W7SH-ALKASER \\ N-N5@HOTMAIL.COM}
[Delete]

it appears above this:

charset:
{LANG_CHARSET}
[Delete]

email_emaillinkbody:
{LANG_EMAIL_EMAILLINKBODY}
[Delete]


The pagination on the site itself is still not right. The index page is known
as {LANG_NAVORIGIN} where other pages link to it so it looks something like:
{LANG_NAVORIGIN} | Page One | Page Two

{LANG_NAVORIGIN} appears at the very top of the browser on every page where
'Gallery - Page One' used to be.



Can someone please help. Everything is still there in place and the appearance
and style of the site which also was affected is not right (I can fix that myself) I am sure there is probably a simple fix I just don't know what.

Thanks

Paul

Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Jul 22, 2006 - 3:14 AM:

It's language which they modified, which means the file(s) in your /languages/ directory. On upgrades your old language is normally retained, so you'll need to overwrite it with the file from /languages/setup/. You'll have to redo your language customizations after this of course, if you had any.

You should scan any 777 directories such as /attachments/ for suspicious files such as php files which the hacker could use to keep control, though the nature of the defacement looks more like a kid who wouldn't bother.

It also affected my WSN Guestbook, everything is still in place on the server but I can't access the control panel, what to install and overwrite?

WSN Guest was written many years ago and had the language in the database, unfortunately this means it's harder to fix. You could replace the wsnguest_language table in phpmyadmin with one from a new install. You might also need to overwrite any templates which had been chmoded to be writeable such that the hacker may have changed them.

Also, to avoid the dangers of shared hosting you can get a virtual private server pretty cheap from Tektonic (I previously used them though I've since moved to Liquid Web for faster speed and better support).
Paul Grego
Member

Usergroup: Customer
Joined: Jan 20, 2006

Total Topics: 11
Total Comments: 26
Posted Jul 22, 2006 - 3:21 PM:

Hi Paul,

That worked for the most part although the hack still shows or is still working when I click on the 'Options' and the 'PM' link on the gallerie's members side.
Also when I try to edit 'image details' I get a 406 error, all the others I have tried to edit so far have been succesful it's just the image details one.



Thanks for the tip and links regard virtual private server's I will definitely check them out.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Jul 23, 2006 - 9:38 AM:

Those don't sound like language issues, so check that the related templates are okay and that the php files are okay.

Looking up 406 errors doesn't suggest anything but that such errors should never show in a browser: http://www.checkupdown.com/status/E406.html
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



This thread is closed, so you cannot post a reply.