Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
Today i logged into admin panel and I found something disquieting. There was new panel on my panels list called "System". I looked in database to check it, the panel code was:


And there was a javascript in site source code:


Version is 6.01.19.
I guess it's encoded by base64, but I can't decode it. Any ideas?

Mod: Removed hacker code from public view
I am sorry to hear that, lets try and find out how they achieved it.

Can you please follow these steps and provide the info?

1. Go to PHPMyAdmin and disable all the panels manually.

To do this go into your DB in PHPMyAdmin and look for the table...

fusion_panels select "Browse" and you will now see all your panels.

Disable them all by editing each one Change panel_status for all to 0 and save.

2. Now go to your site and turn on Maintenance Mode.

3. Change your Password and all Admin Passwords

4. Change FTP & All SQL Password and other Host related passwords just to make sure.




Now what we need to know is....



a.What exact version of PHP-Fusion are you running?

b. What Mods/ Infusions/ Panels were you using?

c. Do you know the estimated time this hack happened?

d. Do you have Access Log for roughly the last 24 hours you can provide or check yourself?

e. Do you have any other info we should know?
I have already changed all passwords and removed panel from db.

a.What exact version of PHP-Fusion are you running?
6.01.19 (I guess I put this thread in a wrong section)

b. What Mods/ Infusions/ Panels were you using?
IP Polls, News Archive, Slideshows Random Photo Panel
and my own friendly URL mod (htaccess).

c. Do you know the estimated time this hack happened?
Unfortunately no. It could have happened a pretty long time ago. One of my users told me today, that his antivirus blocks this script.

d. Do you have Access Log for roughly the last 24 hours you can provide or check yourself?
I got it, but in my opinion there's nothing unexpected.

e. Do you have any other info we should know?
I had some DoS attacks recently.
Do you know the IP of the Hacker?
Nope.
Upgrade to the latest Version of PHP-Fusion V7, V7 rocks.

Look through all your folders for suspicious files.
it's best to keep on changing passwords of using special characters of all admin panels.
Please transfer to PHP-Fusion 6 Support
Thread Information
Author
Replies
8 posts
Views
7,353 times
Last Post
Last updated on 9 years ago
You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.