
My school website has been hacked

My school website has been hacked. The hacker sent this message:

"this website vulnerable for sql injection method..please patch your site.. i've been upload my backdoor using tamper data "...

What should I do next...
Help please...

Hello. The first thing you need to do is to back up everything (files and MySQL database), clean up all your files from your webserver and install the latest PHP-Fusion version and put it in maintenance mode on your website. The core itself doesn't have any known vulnerabilities so this will be a good start.

Next, spend some serious time identifying and making the list of all the extra components you installed on your PHP-Fusion site. Most likely one of them is responsible for the vulnerability. Of course, you should also make sure you don't have other scripts on your website. Some people use several scripts on their domains and in such cases it will be very hard to identify the culprit without server logs.

The message says you have a backdoor uploaded on your site. This is most likely a php file, so you will have to look for any php file that doesn't belong to PHP-Fusion. It isn't easy, but you'll have to do it, or at least ask someone else to look for it, because you have to identify and eliminate two things:

1. The backdoor
2. The vulnerable add-on

I checked the modification date of all the files... and I didn't find any file that was modified on the date and time he/she logged in.... Is it a joke or what...

Merged on May 11 2012 at 07:17:22:
I have the hacker's IP, email and her/his website.
"124.13.182.15"

qreyzee1813(@)gmail.com
fiqri1813(@)yahoo.com
http(://www).h4ck1ngw1thf1qr1.com
remove ()

What should I do next... I just delete my SQL database and restore back from my backup...

Either the "hacker" is trolling you, or you were actually hacked.

kneekoo pretty much hit the nail on the head for instructions.

Put your site in maintenance mode, check all files, check your DB, disable all addons, delete bad content, etc...

Are you sure you didn't see any extra files that you didn't put there? (maybe in another directory?)

You can't upload a file through SQL injection.

I checked all the files in public html... there are no files that have been modified on 10/5/2012 (the day he/she said he uploaded a backdoor)...

The backdoor could have been uploaded previously so you should rather check for modified files during the last week or even month. But for your safety you should check everything. It's a school website, so it does matter. You won't look good if someone steals and publishes anything from your website, so take your time and do the right thing for your own sake.

@Ugleh: The so-called hacker didn't say he uploaded a backdoor through an SQL injection but if certain add-ons are not well protected using the core functions you can end up offering hackers the opportunity of injecting MySQL code that changes the allowed attachment types in PHP-Fusion, then upload a PHP script as the backdoor and even change the allowed file-types back to normal, so nothing looks strange to the admins.
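
An added example, not part of the original thread or of PHP-Fusion: one way to carry out the file check described above is to compare the live webroot against a freshly unpacked copy of the release, listing PHP files the release never shipped, shipped files whose content changed, and recently modified files. The file names, the extension list and the sample trees are constructed assumptions.

```python
import hashlib, os, tempfile, time

PHP_EXT = (".php", ".phtml", ".php5", ".phar")  # assumed set of executable PHP extensions

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def _walk(root):
    """Yield (relative_path, absolute_path) for every file under root."""
    for base, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(base, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def audit_webroot(webroot, clean_tree, days=30, now=None):
    """Compare a live webroot against a pristine unpacked copy of the release."""
    now = time.time() if now is None else now
    clean = {rel: _sha256(full) for rel, full in _walk(clean_tree)}
    report = {"unknown_php": [], "changed": [], "recent": []}
    for rel, full in _walk(webroot):
        if rel not in clean:
            # Not shipped with the release: an add-on, an upload, or a backdoor.
            if rel.lower().endswith(PHP_EXT):
                report["unknown_php"].append(rel)
        elif _sha256(full) != clean[rel]:
            report["changed"].append(rel)  # shipped file whose content was altered
        # mtime can be reset by whoever wrote the file, so it is only a hint.
        if now - os.path.getmtime(full) <= days * 86400:
            report["recent"].append(rel)
    return {key: sorted(val) for key, val in report.items()}

def build_sample():
    """Constructed sample data: a tiny 'release' and a live copy with two changes."""
    clean, live = tempfile.mkdtemp(), tempfile.mkdtemp()
    shipped = {"index.php": "<?php echo 'home';", "includes/core.php": "<?php // core"}
    extra = {"includes/core.php": "<?php // core, edited", "images/avatars/a.php": "<?php // ?"}
    for root, files in ((clean, shipped), (live, {**shipped, **extra})):
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
            os.utime(path, (0, 0))  # backdate every file, as an intruder could
    return live, clean

if __name__ == "__main__":
    for kind, paths in audit_webroot(*build_sample()).items():
        print(kind, paths)
```

In the sample every file is backdated, so the date check reports nothing while the hash and inventory checks still flag both changes. Every entry under `unknown_php` then has to be matched to an add-on you installed or removed.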
Users who participated in discussion: kneekoo, Ugleh, amex, skpacman