Here is a snippet of the settings table variables..
INSERT INTO wsnlinks_settings (id, name, content) VALUES (329,'termsofservice','<html>\r\n<title>Hacked by latinpimp</title>\r\n<body>\r\n<BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>\r\n<font color=red><b><center><big><big><big><big><big><big><big><big><big><big><big><big>PWNED!</big></center></b></font>\r\n</body>\r\n</html>\r\n');
INSERT INTO wsnlinks_settings (id, name, content) VALUES (330,'bannedemails',' ');
INSERT INTO wsnlinks_settings (id, name, content) VALUES (331,'throw404s','<html>\r\n<title>Hacked by latinpimp</title>\r\n<body>\r\n<BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>\r\n<font color=red><b><center><big><big><big><big><big><big><big><big><big><big><big><big>PWNED!</big></center></b></font>\r\n</body>\r\n</html>\r\n');
INSERT INTO wsnlinks_settings (id, name, content) VALUES (332,'expirationwarningdays','0');
Comments on Site was hacked
Member
Usergroup: Customer
Joined: Sep 13, 2005
Total Topics: 6
Total Comments: 13
Site was hacked and defaced yesterday. My database backup is corrupt. The backup quits around the "email" tables.
I am paying my web host for a backup - and waiting on that now.
Looking for any advice for future recommendations - I don't ever want to go through this again ..
Member
Usergroup: Customer
Joined: Oct 30, 2004
Total Topics: 18
Total Comments: 47
Are you running anything else like phpBB or an old version of Mambo or something?
Did they hack through your wsnlinks?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
WSN Links is quite unlikely to be hacked if for no other reason than that there's no branding mark. 99% of hacks consist of a hacker reading about a security flaw in a script, writing their exploit, and then googling for all sites containing "Powered by phpBB" or the like in order to try them all. That's obviously not possible for the full version of WSN Links. Even going to your site manually, there's no way someone would know it was WSN Links unless they had a reason to guess it and just needed confirmation.
'Course I do try to have security by more than just obscurity. There was an exploit once in version 2.2 or so, but it was patched and I never heard of anyone actually being hacked because of it.
Member
Usergroup: Customer
Joined: Sep 13, 2005
Total Topics: 6
Total Comments: 13
from what I can tell thus far ...
They somehow changed a good bit of my template - replacing images and text. Many database settings were changed - it looks like they may have sent email to members and changed several email addresses.
In my database I found the email tables were screwy and the settings table variables were changed.
The hacker left the name LatinPimp - but I haven't been able to locate anything more of a hacker by that name.
All my redirects had been changed and I found it impossible to get into my administration area.
I have 10 domains on the same hosting account, and many subdomains. Nothing else was bothered, so I am leaning more to the thought that they came in from wsnlinks.
I have removed and reinstalled all ...
My host did a backup of the database - then I had errors in the script talking to the database for hours.
An upgrade finally fixed that - but not without losing my templates.
Here is a snippet of the settings table variables..
WSNLinks is the only script installed here.
Member
Usergroup: Customer
Joined: Oct 14, 2005
Location: Singapore
Total Topics: 11
Total Comments: 31
Hope it's getting better now, Dawn.
Just my 2 cents. Don't forget to delete setup.php after install
Member
Usergroup: Customer
Joined: Sep 13, 2005
Total Topics: 6
Total Comments: 13
Thanks for the reminder .. I had forgotten. Other problems still lurk.
I can not log in .. I followed all the suggestions in the support manual. You can log in at first creation - but once you log out, you're unrecognized.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
Well, one would think I would be hacked first since my WSN installs should be easiest to identify.
The admin password wasn't something that would be easily guessed?
damon wrote: Don't forget to delete setup.php after install
No, do go ahead and forget. It is logically impossible for setup.php to be a security issue, due to the order of execution and the fact that it's not multi-page. It obviously wasn't used as well because it would overwrite the whole install with a new one instead of making changes to an existing one.
Dawn Wentworth wrote: You can log in at first creation - but once you log out, you're unrecognized.
That sounds like what would happen when a cookie path is incorrect or there are multiple cookies... some sort of cookie issue.
Anyhow, you can always do a new install and use phpmyadmin to re-add the data.
Member
Usergroup: Customer
Joined: Sep 13, 2005
Total Topics: 6
Total Comments: 13
It looks more like an sql injection. Random tables injected with the same data - that overwrote the data in them.
If that isn't a possibility then .. maybe the password was the issue.
But so much more or different would have or could have been done with full access.
The data that was replaced ... was all identical in random tables..
I have heard of sql injection before - but do not know anything of it or the workings of sql enough to understand yet.
As far as getting logged in .. I did try all the suggestions with cookies from the help files .. I figure this is the problem - tracking it down or reinstalling soon as I get the time.
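A triage sketch for the symptom described in the post above (identical data overwriting several rows), added here as an example and not code from WSN Links or from any poster: it parses INSERT statements shaped like the posted wsnlinks_settings dump and reports groups of rows whose content is the same page-level markup. The sample dump is constructed, the `sitetitle` row is hypothetical, and the parser assumes backslash-escaped quotes as in a MySQL dump.

```python
import re
from collections import defaultdict

# INSERT shape taken from the posted dump:
#   INSERT INTO <table> (id, name, content) VALUES (<id>,'<name>','<content>');
# Assumption: quotes inside values are backslash-escaped, as mysqldump writes them.
ROW_RE = re.compile(
    r"INSERT INTO (\w+) \(id, name, content\) VALUES "
    r"\((\d+),'((?:[^'\\]|\\.)*)','((?:[^'\\]|\\.)*)'\);"
)
# Page-level tags that a scalar setting has no reason to contain.
MARKUP_RE = re.compile(r"<\s*(html|body|title|script|iframe)\b", re.I)

# Constructed sample, not the poster's data. Setting names 329-332 follow the
# posted snippet; 'sitetitle' is hypothetical and exercises an escaped quote.
PREFIX = "INSERT INTO wsnlinks_settings (id, name, content) VALUES "
DEFACED = r"'<html>\r\n<title>defaced</title>\r\n</html>'"
SAMPLE_DUMP = "\n".join(PREFIX + row for row in [
    "(329,'termsofservice'," + DEFACED + ");",
    "(330,'bannedemails',' ');",
    "(331,'throw404s'," + DEFACED + ");",
    "(332,'expirationwarningdays','0');",
    r"(333,'sitetitle','Dawn\'s links');",
])

def parse_rows(dump):
    """Yield (table, id, name, raw content) for each matching INSERT."""
    for m in ROW_RE.finditer(dump):
        yield m.group(1), int(m.group(2)), m.group(3), m.group(4)

def find_overwritten(dump, min_repeat=2):
    """Group rows by identical non-empty content and keep the groups that
    repeat and carry page-level markup, the pattern a mass overwrite leaves."""
    groups = defaultdict(list)
    for table, row_id, name, content in parse_rows(dump):
        if content.strip():
            groups[content].append((table, row_id, name))
    return {
        content: rows
        for content, rows in groups.items()
        if len(rows) >= min_repeat and MARKUP_RE.search(content)
    }

if __name__ == "__main__":
    for content, rows in find_overwritten(SAMPLE_DUMP).items():
        print(f"{len(rows)} rows share the same markup ({len(content)} chars):")
        for table, row_id, name in rows:
            print(f"  {table} id={row_id} name={name}")
```

Run against a dump taken before restoring, the list of affected rows shows which settings have to be re-entered by hand and which tables were left alone.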
Member
Usergroup: Customer
Joined: Sep 27, 2005
Location: Canada
Total Topics: 12
Total Comments: 32
If you search Google for "www*/wsnlinks/" it's fairly easy to find WSNlinks sites to hack. That's one reason I've been thinking of changing it on my installs, but then I have to make a redirect with .htaccess and might lose PR.