The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

a website has been hacked

Discussion in 'General Discussion' started by Bert W, Jun 23, 2003.

  1. Bert W

    Bert W Member

    Joined:
    Mar 2, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I installed php-nuke on a web site and it has been hacked. when going to the 'home' page, it shows and then redirects to someone else.
    how do I clear this out from the site? I am willing to remove php-nuke completely.

    cPanel.net Support Ticket Number:
     
  2. Yert

    Yert Registered
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Most likely, you need to remove a line that starts with <meta refresh...> in the index.php. Remove that line, and then figure out how they put it there in the first place.

    cPanel.net Support Ticket Number:
     
  3. mrherald

    mrherald Registered

    Joined:
    Mar 1, 2002
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    you ought to check www.phpnuke.org with this problem.

    cPanel.net Support Ticket Number:
     
  4. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    What version? It would be helpful to know so we can take corrective action to either remove what Fantastico is deploying or so we can inform our users.

    cPanel.net Support Ticket Number:
     
  5. Bert W

    Bert W Member

    Joined:
    Mar 2, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    How do I check version #?

    cPanel.net Support Ticket Number:
     
  6. geekhosting

    geekhosting Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    By the sounds of this, it sounds as if someone has found another sql injection method OR some kiddie has gotten their hands on one for an older version of nuke. If this redirect is happening when you hit the main page, you can login to the admin section and just remove the post or login to cpanel and edit th SQL.

    One of the more common issues is not phpnuke being injected itself, but if this site has a shoutbox, or tagboard that does not strip html content then they are easier targets for wannabe hackers. I will be glad to assist you in correcting this if you would like

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page