Need help with Admin log in! Was I hacked>??? [Archive]

View Full Version : Need help with Admin log in! Was I hacked>???

aaronlindberg

08-06-2007, 06:33 PM

Hello everyone,
I did a search for this problem but didn't come up with anything that helped me. On my admin log in I can not access anything.
http://aaronlindberg.com/photoblog/admin/
It has what looks like a iframe and this concerns me. Also at the top of my header on my photoblog. www.photokidblog.com you can see code after the title of my page. (something about conterwars.info etc...)
I have no clue as to how to log in and change this so if any of you have ideas I would be grateful in hearing them. I think I might have been hacked.
Thanks in advance for your help,
Aaron Lindberg

GeoS

08-06-2007, 07:02 PM

It looks like other user of your box hacked sites at it or that was made in other way. Anyway - contact with your webhosts support.

Dennis

08-06-2007, 07:05 PM

Ok, here we go. Before I get around the fix I have to say the following:

Pixelpost was not hacked, your server was. Is it Pixelpost's fault? No, probably the server was hacked by scriptkiddies and they tried to inject stuff in the index.php file.

First things first. Login with your FTP account, check the folder permissions on admin. They should be 755 and not 777. Secondly, check the permissions on the index.php file (likewise 755 is good, 777 is wrong)

Rename the index.php file to index.php.hacked and replace with a fresh copy of the install you have. If you have 1.6 download it from our website and copy the index.php file.

Now do all the checks for the index.php in your main folder also. There is also an iframe located in the title. Rename the index.php and copy the index.php from the fresh download.

If you feel comfortable, please contact me privately with your FTP account settings. I can take a look and fix things.

You can contact me through e-mail or direct message.

Dennis

08-07-2007, 06:52 AM

Issue has been fixed. It was rather peculiar: in the database were the sitetitle is stored code for an <iframe> was added. The size of the sitetitle is limited so not the whole html statement was there.

However, this still caused the page to break so you're unable to login into the adminpanel.

Tonight I will take precautions to make sure HTML won't be parsed in the title.