|
My school website has been hacked
|
| amex |
Posted on 11-05-2012 03:47
|

Newbie

Posts: 8
Joined: 19/06/2008
|
My school website has been hacked. The hacker sent this message...
"this website vulnerable for sql injection method..please patch your site.. i've been upload my backdoor using tamper data "...
What should I do next...
Help please... |
| |
|
|
| kneekoo |
Posted on 11-05-2012 04:48
|

Senior Member

Posts: 278
Joined: 20/01/2006
|
Hello. The first thing you need to do is to back up everything (files and MySQL database), clean up all your files from your webserver and install the latest PHP-Fusion version and put it in maintenance mode on your website. The core itself doesn't have any known vulnerabilities so this will be a good start.
Next, spend some serious time identifying and making the list of all the extra components you installed on your PHP-Fusion site. Most likely one of them is responsible for the vulnerability. Of course, you should also make sure you don't have other scripts on your website. Some people use several scripts on their domains and in such cases it will be very hard to identify the culprit without server logs.
The message says you have a backdoor uploaded on your site. This is most likely a PHP file, so you will have to look for any PHP file that doesn't belong to PHP-Fusion. It isn't easy, but you'll have to do it, or at least ask someone else to look for it, because you have to identify and eliminate two things:
1. The backdoor
2. The vulnerable add-on
|
| |
|
|
| amex |
Posted on 11-05-2012 07:09
|

Newbie

Posts: 8
Joined: 19/06/2008
|
I checked the modification date of all the files... and I didn't find any file that was modified on the date and time he/she logged in.... Is it a joke or what...
Merged on May 11 2012 at 07:17:22:
I have the hacker's IP, email and her/his website.
"124.13.182.15"
qreyzee1813(@)gmail.com
fiqri1813(@)yahoo.com
http(://www).h4ck1ngw1thf1qr1.com
remove ()
What should I do next... I just delete my SQL database and restore back from my backup...
Edited by amex on 11-05-2012 07:20
|
| |
|
|
| skpacman |
Posted on 11-05-2012 16:06
|

Member

Posts: 103
Joined: 23/04/2009
|
Either the "hacker" is trolling you, or you were actually hacked.
kneekoo pretty much hit the nail on the head for instructions.
Put your site in maintenance mode, check all files, check your DB, disable all addons, delete bad content, etc...
Are you sure you didn't see any extra files that you didn't put there? (maybe in another directory?)
|
| |
|
|
| Ugleh |
Posted on 11-05-2012 21:39
|

Member

Posts: 164
Joined: 23/03/2007
|
You can't upload a file through SQL injection. |
| |
|
|
| amex |
Posted on 12-05-2012 14:06
|

Newbie

Posts: 8
Joined: 19/06/2008
|
I checked all the files in public html... there are no files that were modified on 10/5/2012 (the day he/she said he uploaded a backdoor)... |
| |
|
|
| kneekoo |
Posted on 14-05-2012 14:49
|

Senior Member

Posts: 278
Joined: 20/01/2006
|
The backdoor could have been uploaded previously so you should rather check for modified files during the last week or even month. But for your safety you should check everything. It's a school website, so it does matter. You won't look good if someone steals and publishes anything from your website, so take your time and do the right thing for your own sake.
@Ugleh: The so-called hacker didn't say he uploaded a backdoor through an SQL injection but if certain add-ons are not well protected using the core functions you can end up offering hackers the opportunity of injecting MySQL code that changes the allowed attachment types in PHP-Fusion, then upload a PHP script as the backdoor and even change the allowed file-types back to normal, so nothing looks strange to the admins.
|
| |
|
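The search for PHP files that don't belong to PHP-Fusion, and the point that a single modification date is not a reliable filter, can be handled by comparing file contents against a freshly unpacked copy of the same release instead of looking at timestamps. This is an added example, not part of the thread or of PHP-Fusion; the function names, the extension list and the file names in `build_sample` are constructed for illustration, and the clean release directory is assumed to be an untouched download of the version the site runs.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions a web server may execute as PHP (assumed list; match it to your server config).
SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar"}

def index_tree(root):
    """Map each file's path relative to root to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit_webroot(webroot, clean_release):
    """Compare the live site with a clean release by content, ignoring timestamps."""
    live, clean = index_tree(webroot), index_tree(clean_release)
    unknown = sorted(p for p in live if p not in clean)
    is_script = lambda p: Path(p).suffix.lower() in SCRIPT_EXT
    return {
        # Executable files the release does not ship: add-ons, or a backdoor.
        "unknown_scripts": [p for p in unknown if is_script(p)],
        # Uploads and other site data that the release does not ship.
        "unknown_other": [p for p in unknown if not is_script(p)],
        # Release files whose content differs from the shipped copy.
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
    }

def build_sample(base):
    """Constructed demo data: a 'clean' release tree and a tampered 'live' tree."""
    clean, live = Path(base, "clean"), Path(base, "live")
    shipped = {"maincore.php": "<?php // core", "news.php": "<?php // news",
               "images/logo.png": "PNG"}
    for root in (clean, live):
        for rel, body in shipped.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    (live / "news.php").write_text("<?php // news plus an extra line")
    (live / "images/thumb.php").write_text("<?php // not part of the release")
    (live / "images/photo.jpg").write_text("JPG")
    return live, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for group, paths in audit_webroot(*build_sample(tmp)).items():
            print(group, paths)
```

Legitimate add-ons and the site's own configuration file will also show up under `unknown_scripts`, so that list is the review queue for both items kneekoo names: the backdoor and the vulnerable add-on.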