Results 1 to 14 of 14

Thread: Site being repeatedly hacked recently...

  1. #1

    Join Date
    Dec 2001
    Location
    massachusetts
    Posts
    71
    Rep Power
    16

    Site being repeatedly hacked recently...

    Hi,

    Some F-N TWIT has hit my site with some Psy virus that is wiping my entire site out basically. I changed my passwords (OPS, website, database for MySQL and e107 database pw) and STILL this little ******** is getting in. I spent 45 mins re-uploading site after PowWeb support said they restored it (nope, unless it got hacked after they did it, possible...). Support told me to update to latest version, so I grabbed 0.7.22 upgrade AND the full install just in case I had to rebuild locally before uploading it again. I no sooner finished uploading site AND the upgrade files so I could log in and work on tightening it up some more that the peckerhead HIT IT AGAIN and started uploading the sh.txt and associated files with it. I sent a bit of a flamer to Support that they need to resolve this hacking issue on their end. They should also HAVE UPDATED e107 to latest on THEIR END so I could do an update this way. But no, they have no foreseeable timeframe for this (what I was told in support chat last saturday morning when I found my site trashed).

    Anyone else running e107 from InstallCentral at that version and getting hacked or have you gone and done the updates yourself and rebuilt/updated whatever needed to be done to get current? If so, what'd you do? If this isn't resolved to my satisfaction ASAP I am leaving. I've been here for a long time now, hardly post since things have been working well for the most part. Minor hiccups when they made a change to the databases that they didn't inform us on the support page (another thread somewhere on here).

    Anyways, I am rightly pissed off about this and would love to get this little pecker in a room with NO WINDOWS and noone around to hear me beat the living daylights out of this tard.

    Sorry if this appears a bit hostile but I am pissed off, and rightly so.

    Mike

  2. #2
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    Invariably the Install Central versions are out of date. It is common for people with out-of-date forums etc to be hacked, ergo with the Install Central version you will be hacked eventually.

    The solution is in your hands, download and install a fresh version with all the latesst patches. Support isn't set up to support the forums and other software provided by them, just problems with initial installation and their service provision.

    You seem to have followed that, but still fallen prey to a problem. My suggestion is to look for files that didn't get deleted or ones that got changed. A fresh install into a new directory and then point to that and removing all files should do the trick.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  3. #3

    Join Date
    Dec 2001
    Location
    massachusetts
    Posts
    71
    Rep Power
    16
    I am going to look into that but have to get everything tweaked before uploading so they can't get into it, the pathing change was one that I was going to try next. I'll see what I can do with a fresh version of their software. I need to add in any additional files (shopsite for one) that isn't part of e107. I am just ticked off from this hack AND at powweb for not staying updated with the software. They have not updated for TWO YEARS. That is rather unacceptable too IMHO.

  4. #4
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    Depite many requests, the policy hasn't changed at Powweb - they offer the software, but don't keep it up to date and then complain when the sites become compromised. I suspect other providers who offer similar free software installations also do the same.

    It's always best, if you can, to use software direct from the publishers and their website. It may take more in integrating various options, but in the end your site will be more secure. Powweb have never, in my recollection, offered the software up-to-date from Install Central - it's always been out of date, even when they do update.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  5. #5

    Join Date
    Dec 2001
    Location
    massachusetts
    Posts
    71
    Rep Power
    16
    Well I am in the process of at least trying to get it installed again with the latest versions and hopefully I'll get it done before I have to head to work (soon). Otherwise I'll have to see if it's hacked when I get home tonight and redo it all over again when I have a bit more time.

    MIke

  6. #6
    Rick
    Join Date
    May 2002
    Location
    Minneapolis, MN
    Posts
    1,753
    Rep Power
    19
    When your site is hacked, it's best to completely wipe out all of the existing files on the site before restoring the files from your back-ups. This eliminates the possibility that the hacker installed a script on your site that either allows him an invisible gateway back in, or that (more likely) automatically re-infects the site. Good luck!
    Rick Trethewey

  7. #7
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    17
    I am not familiar with e107. Does it allow you to add in modules from third parties and have you added any in? Just curious if maybe the issue isn't with the root CMS.
    ________________________________
    Find me on twitter: @entrecon

  8. #8

    Join Date
    Dec 2001
    Location
    massachusetts
    Posts
    71
    Rep Power
    16
    Quote Originally Posted by entrecon View Post
    I am not familiar with e107. Does it allow you to add in modules from third parties and have you added any in? Just curious if maybe the issue isn't with the root CMS.
    Hi,

    No. I use what modules come with it (chatbox, personal messages, forum, etc). I got things up but need to do some more tweaking to get it to load the index.php file. I may have to look at the .htaccess for redirection. I am a bit rusty on it.

    Mike

  9. #9
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    West Virginia
    Posts
    3,458
    Rep Power
    22
    Quote Originally Posted by metalmike View Post
    ..need to do some more tweaking to get it to load the index.php file.
    Tweaking? The server serves an index file by default. A .html file is looked for first, if it doesn't exist and an index.php file does, it (the PHP file) is served.
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  10. #10

    Join Date
    Dec 2001
    Location
    massachusetts
    Posts
    71
    Rep Power
    16
    Quote Originally Posted by snowmaker View Post
    Tweaking? The server serves an index file by default. A .html file is looked for first, if it doesn't exist and an index.php file does, it (the PHP file) is served.
    Yes, I know. But I changed the directory name of e107 to something else. If I use my website address I get no page found. If I point to the /directoryname/index.php it shows. I need to look at how to now show the subdirectory (hide it) and have it hit that page (index.php) again. I don't have a .htaccess file inside it nor inside htdocs. So I still have a little bit of tweaking to do. I also lost all prior members with this update (full install) and wasn't sure what I needed to replace file-wise to get them back and I also need to go through and get my webstore back online as a link as I previously had. So some minor glitches but as of an hour ago no hacks yet. I told support I'll close the ticket next week if I get through the weekend without any hacks. If you got info on how to not show the full path to the index.php file, send me a pm with details so I can work it into the files. Otherwise I gotta peruse e107.org's forums more.

    Thanks,

    Mike

  11. #11
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,333
    Rep Power
    27
    If no re-exploit of old crap code occours within 48 hrs you should be cool. The path should be set in the webstore then via FTP. Before you do make backups of everything. Install and run Malwarebytes and Ad-Aware or similar on your computer/s plus run any antivirus you have fully to make sure you are not going to re-infect yourself and others. Once sure, resubmit your site to Google Webmasters.
    Croc Hunter MSC :

  12. #12

    Join Date
    Jan 2002
    Posts
    52
    Rep Power
    16

    Site Continuously being hacked

    Man, I got a few Sites with Powweb but the Customers are getting Tired of them getting HACKED.
    MY question is is the problem a Virus on a home PC or is it the Code on POWWEB
    Even when I or they upload the new files it still don't work. The weird thing is these are sites that haven't been updated in 6months to years

    one of the site is our church
    www(dot)cedarcreekame(dot)org

    Henry
    Last edited by IanS; 6-8-11 at 11:37 AM. Reason: Altered link to 'infected' site and removed link to redirected landing page.

  13. #13

    Join Date
    Jan 2002
    Posts
    52
    Rep Power
    16
    Quote Originally Posted by Croc Hunter View Post
    If no re-exploit of old crap code occours within 48 hrs you should be cool. The path should be set in the webstore then via FTP. Before you do make backups of everything. Install and run Malwarebytes and Ad-Aware or similar on your computer/s plus run any antivirus you have fully to make sure you are not going to re-infect yourself and others. Once sure, resubmit your site to Google Webmasters.
    what do you mean resubmit your site to google webmaster

  14. #14
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    Quote Originally Posted by hgoodson View Post
    Man, I got a few Sites with Powweb but the Customers are getting Tired of them getting HACKED.
    MY question is is the problem a Virus on a home PC or is it the Code on POWWEB
    Even when I or they upload the new files it still don't work. The weird thing is these are sites that haven't been updated in 6months to years

    one of the site is our church
    www(dot)cedarcreekame(dot)org

    Henry
    It appears that the site code on Powweb is compromised in some way. As it is compromised I can't tell what was originally there. If they're not updated frequently, then that could be the cause!
    Any site relying on Wordpress or other software needs to be updated frequently to remove holes in the software.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •