
My S9Y site HACKED!!! What should I do now? [fixed]

Posted: Fri May 23, 2008 3:12 am
by bonabest
Hi guys,

I just found that my s9y site has been hacked by someone from Turkey...

My web address is www.bonabest.net

Can anyone help me out? Like, what's the best way to restore my blog without losing any data?

PLZ!

By the way, my s9y version is 1.2.1

Posted: Fri May 23, 2008 3:33 am
by bonabest
Fixed!!!

This guy edited the serendipity_config_local.inc to the following content.

What a wan*er, so simple and too naive...


<html>
<head>
<!--
div.Section1
{page:Section1;}
span.SpellE
{}
body {
background-color: #000000;
}
.style2 {
font-size: 36px;
color: #FF0000;
}
.style7 {font-size: 36px; color: #FFFFFF; }
.style5 { font-size: 24px;
color: #00FF00;
}
.style6 {font-size: 18px}
.style8 { font-size: 24px;
color: #FFFFFF;
font-weight: bold;
}
.style10 {
color: #FFFFFF;
font-size: 18px;
}
.style11 {font-size: 36px; color: #FFFFFF; font-weight: bold; }
.style12 {color: #FFFFFF}
.style13 {
font-size: 36px;
color: #00FF00;
}
-->
</style>
<div id="Layer1" style="position:absolute; left:0; top:0; width:1000; height:1000;
z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000">
<strong>
</span></strong></p>
<DIV align=center>
<p><B><BR>
<STYLE>BODY {
SCROLLBAR-ARROW-COLOR: red; SCROLLBAR-BASE-COLOR: black
}
</style>
<title>HACKED BY VEZiR.04</title><p><font color="#000000">
<div id="Layer1" style="position:absolute; left:0; top:0; width:1000; height:1000;
z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000">
<p align="center"><font face ="Showcard Gothic" style="font-size: 125pt"><font color="white">HackeD
<p align="center"><font face ="Showcard Gothic" style="font-size: 25pt"><font color="white">Your System Owned By
<p align="center"><font face ="Showcard Gothic" style="font-size: 35pt"><font color="white">Vezir.04~McPislick~One_Dream
<p align="center"><font face ="Showcard Gothic" style="font-size: 15pt"><font color="white">vezir.04@gmail.com
<p align="center"><font face ="Showcard Gothic" style="font-size: 15pt"><font color="white">www.turkishrevenge.org
<!--VEZiR.04-->
<noscript>
</b></p>
</font></td>
</tr>
<tr align="center">
</tr>
</table>
</body>
</html>

Posted: Fri May 23, 2008 3:46 am
by Don Chambers
Not sure how the hacker did that, but definitely start by upgrading to the latest s9y release. Glad you were able to detect and correct the problem so quickly. Disregard my PM.

Posted: Fri May 23, 2008 10:50 am
by garvinhicking
Hi!

Do you run other applications on your webserver? Even though a file of s9y was affected, it might have stemmed from another application. Especially instances of Coppermine Gallery have been subject to hack attacks recently!

Regards,
Garvin
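
An added example, not part of the thread and not Serendipity code: a triage sketch for the situation discussed above. It checks whether the config file still looks like PHP and lists which application directories hold files changed around the same time. It assumes an intact serendipity_config_local.inc starts with `<?php`; the function names, the `gallery` directory and the timestamps are constructed for illustration.

```python
import os, re, tempfile
from collections import defaultdict

# Assumption: an intact s9y local config is PHP source, so it opens with
# "<?php" and holds no page markup. The marker list is illustrative.
HTML_MARKERS = re.compile(rb"<\s*(html|head|title|body|div|font)\b", re.I)

def config_looks_defaced(path):
    """True if the config file no longer looks like PHP source."""
    with open(path, "rb") as fh:
        data = fh.read(65536)
    return not data.lstrip().startswith(b"<?php") or bool(HTML_MARKERS.search(data))

def files_changed_near(webroot, reference, window=3600):
    """Group files modified within `window` seconds of `reference` by top-level dir."""
    ref = os.path.abspath(reference)
    ref_mtime = os.stat(ref).st_mtime
    hits = defaultdict(list)
    for dirpath, _dirs, names in os.walk(webroot):
        for name in names:
            full = os.path.abspath(os.path.join(dirpath, name))
            if full == ref:
                continue
            try:
                mtime = os.lstat(full).st_mtime
            except OSError:
                continue  # vanished or unreadable; skip
            if abs(mtime - ref_mtime) <= window:
                rel = os.path.relpath(full, webroot)
                hits[rel.split(os.sep)[0]].append(rel)
    return {app: sorted(paths) for app, paths in hits.items()}

def demo():
    """Constructed webroot: defaced config plus a hypothetical 'gallery' app."""
    root = tempfile.mkdtemp()
    now = 1_211_500_000  # constructed timestamp
    tree = {
        "blog/serendipity_config_local.inc": (b"<html><title>HACKED</title>", now),
        "blog/index.php": (b"<?php // untouched", now - 90 * 86400),
        "gallery/include/init.php": (b"<?php // changed", now - 120),
    }
    for rel, (body, mtime) in tree.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    cfg = os.path.join(root, "blog", "serendipity_config_local.inc")
    return config_looks_defaced(cfg), files_changed_near(root, cfg)
```

Modification times can be reset by whoever changed the files, so an empty result does not clear the other applications on the server.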