
Hacked, one man’s success story.

  • Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • My Joomla 1.5.3 site (Kibun.co.nz) was hacked yesterday by a parasite that I’ll not do the justice of naming.
      I managed to fix this, which is pretty good as I am in no way, shape or form a programmer, coder or anything really.

      I thought I’d go through the steps that I did to get my site back up and operational in case someone else has the same issue.

      The Fault:
      My frontpage was hijacked, and the Super Admin’s username and password had been changed and I could not log into the front page.
      There was also a secondary issue with one of my email accounts mysteriously changing its password (another issue, I hope).

      Sadly my backup was a bit on the non-existent side and it was about 1am when I checked the issue.

      What I found:
      The site’s template’s index.php file had been written over and listed ‘this site has been hacked by…’
      As this was a Rocket theme template it was easy to find the correct file from an earlier Rocket theme installation.
      Copied this over the file that had been hacked and the site was back up and running.

      I tried to log into the backend… no go as the password had changed.
      I logged into the site’s control panel, went to the mysql management area and navigated to the site’s database.
      I looked up the jos_users data… this is where I was a bit fortunate, as I have another site that did not get hacked that uses the same password. I repeated the process listed here on that site and copied and pasted the password code from the good site to the site that had been hacked.

      Once this was complete I could log back into the backend of the site.

      From there I went to Joomla.org and downloaded the upgrade from J1.5.3 to J1.5.6, extracted and uploaded ALL the files to the site.

      Have tested and all good. I hope.

      If anyone has a similar issue and gets stuck with this, PM me and I can offer some assistance.

      And as a note, to all trying to be hackers, think again.
      You never know, one day you might be talking to your mates somewhere about your latest exploit and someone just might rock up and plant your sticks in the ground.
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • Your post got me back online... Thanks for making the time to share your experience.

      Cheers
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • No worries, us Jacksons have to stick together after all! ;)
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • You're a rockstar!
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • No Ma'am, just another modest, hard working, Eugene doing his part for the community… hmmmm think I like the Rockstar thing better – where do I sign up? Is previous experience required?

      Just kidding, glad you got your site back. ;)
    • DG Rogers

    Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • Woke up this morning to find my local news site had been hacked by Turks.

      They deleted my admin name and set up their own.
      Deleted my user base.

      Hacked into the index.php file in the Template folder.

      To fix this I:

      Followed this to change the hacker's password

      developer.joomla.org/bug-squad-blog/244-...trator-password.html

      Logged in under the super username the hacker had set up.

      Created a new account.

      Deleted the hacker

      Replaced the index.php file with the one from the original template (the index.php file in the templates folder, not in the root directory)

      Upgraded to Joomla 1.5.6 (very important to stop it again)

      Cheers
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • I too got hacked. I've changed the admin login (thru myphp) and replaced the index.php (in templates). My frontpage is still showing the hacked page ( www.jaebee.com ). What do I do?
    • DG Rogers

    Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • Jeffrey Bordes wrote:
      I too got hacked. I've changed the admin login (thru myphp) and replaced the index.php (in templates). My frontpage is still showing the hacked page ( www.jaebee.com ). What do I do?

      Your hacker seems to have changed the page that shows when you put your site off for maintenance. Try turning off the maintenance mode in global configurations and see if your site comes back up; if it does, you need to find where the maintenance page is. Don't forget to upgrade to 1.5.6.

      Not overly helpful but maybe it points you in the right direction.
  • Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • Wow...great call! That took care of it! Thanks! ;D
    • AzzX

    Re: Hacked, one man’s success story.

    Posted 16 years 2 months ago
    • Is this another XSS exploit? Overwriting the altered Joomla files is not going to fix your site this easily. Check your site for hidden HTML and PHP files as well.
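
Added example, not part of the thread and not Joomla's own tooling: one way to act on the advice above about leftover files is to compare the live site tree against a freshly extracted copy of the same Joomla release. The function names, the extension list and the two directory arguments are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: file types that can carry executable or defacement content.
SCRIPT_EXTS = {".php", ".html", ".htm", ".js"}

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file (dotfiles included)."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def audit(site_root, clean_root) -> dict:
    """Compare a live site tree against a clean copy of the same release."""
    site, clean = manifest(Path(site_root)), manifest(Path(clean_root))
    # Present in both trees but with different content (e.g. an overwritten index.php).
    modified = sorted(f for f in site if f in clean and site[f] != clean[f])
    # Script/markup files that the clean release does not ship at all.
    unexpected = sorted(f for f in site if f not in clean
                        and Path(f).suffix.lower() in SCRIPT_EXTS)
    # Subset of the above hidden behind a dot-prefixed file or directory name.
    hidden = sorted(f for f in unexpected
                    if any(part.startswith(".") for part in Path(f).parts))
    # Shipped by the release but gone from the site.
    missing = sorted(f for f in clean if f not in site)
    return {"modified": modified, "unexpected": unexpected,
            "hidden": hidden, "missing": missing}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <site_root> <clean_release_root>")
    for kind, files in audit(sys.argv[1], sys.argv[2]).items():
        for name in files:
            print(f"{kind:10} {name}")
```

Site-specific files such as configuration.php and third-party templates or extensions will appear as unexpected and need manual review; anything left unexplained after that is worth opening and reading before the site goes back online.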
