Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?
  1. Home
  2. Discussion Forum
  3. The Chill Out Zone
  4. Announcements & Security Issues
  5. HACKED wp-conf.php

HACKED wp-conf.php

Asked Modified Viewed 11,987 times
Back to Forum Index Previous Topic Next Topic
Print
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
asked
Member

Site is hacked.
in /
/domain.com
/domain.com/public_html

i have wp-config.php

in wp-config.php



code thet hacked site code wp.txt
Edited by DjordjeB on 03-05-2013 13:20,
0 replies

13 posts

D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

after some time... script edit almost all files and make redirect to some porno site..

last time when is hacked (before update)

this files is infected:
/public_html/config.php: Trojan.PHP-43 FOUND
public_html/articles.php: Trojan.PHP-43 FOUND
/public_html/contact.php: Trojan.PHP-43 FOUND
/public_html/downloads.php: Trojan.PHP-43 FOUND
/public_html/edit_profile.php: Trojan.PHP-43 FOUND
/public_html/faq.php: Trojan.PHP-43 FOUND
/public_html/index.php: Trojan.PHP-43 FOUND
/public_html/login.php: Trojan.PHP-43 FOUND
/public_html/lostpassword.php: Trojan.PHP-43 FOUND
/public_html/maincore.php: Trojan.PHP-43 FOUND
/public_html/maintenance.php: Trojan.PHP-43 FOUND
/public_html/members.php: Trojan.PHP-43 FOUND
/public_html/messages.php: Trojan.PHP-43 FOUND
/public_html/news.php: Trojan.PHP-43 FOUND
/public_html/photo.php: Trojan.PHP-43 FOUND
/public_html/photogallery.php: Trojan.PHP-43 FOUND
/public_html/print.php: Trojan.PHP-43 FOUND
/public_html/profile.php: Trojan.PHP-43 FOUND
/public_html/reactivate.php: Trojan.PHP-43 FOUND
/public_html/readarticle.php: Trojan.PHP-43 FOUND
/public_html/register.php: Trojan.PHP-43 FOUND
/public_html/search.php: Trojan.PHP-43 FOUND
/public_html/setuser.php: Trojan.PHP-43 FOUND
/public_html/showphoto.php: Trojan.PHP-43 FOUND
/public_html/submit.php: Trojan.PHP-43 FOUND
/public_html/viewpage.php: Trojan.PHP-43 FOUND
/public_html/weblinks.php: Trojan.PHP-43 FOUND
/public_html/administration/tiny_mce/plugins/fullpage/langs/code.php:
PHP.Trojan.Spambot FOUND
/public_html/administration/tiny_mce/plugins/media/css/gallery.php:
PHP.Trojan.Spambot FOUND
/public_html/administration/accountMU6.php:
PHP.Trojan.Spambot FOUND
/public_html/administration/xmlrpckzFE.php:
PHP.Trojan.Spambot FOUND
/public_html/omladina_aktivnosti.php: Trojan.PHP-43 FOUND


and logs:
Code Download source
/administration/tiny_mce/plugins/media/css/gallery.php HTTP/1.1" 200 36 "-" "Mozilla/5.0"
186.81.212.198 - - [24/Mar/2013:00:01:48 +0100] "POST 
/administration/tiny_mce/plugins/fullpage/langs/code.php HTTP/1.1" 200 36 "-" "Mozilla/5.0"
190.162.159.72 - - [24/Mar/2013:00:02:14 +0100] "POST
/administration/tiny_mce/plugins/media/css/gallery.php HTTP/1.1" 200 36 "-" "Mozilla/5.0"
114.185.151.212 - - [24/Mar/2013:00:08:57 +0100] "POST
Edited by DjordjeB on 03-05-2013 14:31,
0 replies
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,841 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

I see wordpress has the same issue.
forums.phpfreaks.com/topic/274047-security-help-trojanphp-43/

Config.php was readable by public? Password is not a strong pass?
0 replies
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,841 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

Have a read:eksith.wordpress.com/2012/01/25/anatomy-of-a-php-trojan/
0 replies
T
Tyler
T
Tyler 10
Helping, would be pointing you in the right direction, not doing it all for you.
  • Member, joined since
  • Contributed 198 posts on the community forums.
  • Started 3 threads in the forums
answered
Member

There's obviously a door somewhere. Whether it's only with certain server configurations it's something that needs to be nailed down. I'm messing around trying to upload malicious images to my site with image submissions right now....

Anyway there's a way to exploit php fusion and hopefully we can find it.
0 replies
B
billhunter
B
  • Newbie, joined since
  • Contributed 9 posts on the community forums.
answered
Newbie

This is exactly the same hack which affected a dozen or so of my php-fusion sites, and many other php-fusion user's sites, not very long ago.
DjordjeB.... What version of php-fusion was your site using when hacked?
Edited by billhunter on 03-05-2013 17:04,
0 replies
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

the last version is php-fusion... config.php is 0640 permission.. this is second time...

password contains 18 character and a-z, 0-9 (sql pass)

this is hosting omission or my?
0 replies
M
MeTRoiD
M
  • Member, joined since
  • Contributed 114 posts on the community forums.
  • Started 11 threads in the forums
answered
Member

lol..
You need fresh PHPFusion v7.02.06 files.. Upload them on your server and then connect to your existing database... But in database you will have a code thought who the HACKER can access your site so check ALL information in database..
The HACKER code will be at PREFIX_custom_pages ...

I think so.
0 replies
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

i have last version of php-fusion
0 replies
F
Falk
F
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 11 questions
answered
Super Admin

Please post your
MySql version and PHP version.
0 replies
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

php 5.3.10
mysql 5.1
Edited by DjordjeB on 04-05-2013 16:27,
0 replies
F
Falk
F
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 11 questions
answered
Super Admin

Thank you.
It´s an older PHP version for sure, we have some leads on this and will post more info shortly.
0 replies
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

thet trojan horse upload some php to /administration/ folder, what is minimum permission for thet folder? now is 740
0 replies
D
DjordjeB
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
answered
Member

the problem was old version of php! i request transfer website to server witch have new version and problem is gone...
0 replies

Category Forum

Announcements & Security Issues

Labels

None yet

Statistics

  • Views 0 views
  • Posts 13 posts
  • Votes 0 votes
  • Topic users 6 members

6 participants

F
F
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 11 questions
M
M
  • Member, joined since
  • Contributed 114 posts on the community forums.
  • Started 11 threads in the forums
C
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,841 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
D
D
  • Member, joined since
  • Contributed 50 posts on the community forums.
  • Started 13 threads in the forums
  • Started this discussions
T
T
Tyler 10
Helping, would be pointing you in the right direction, not doing it all for you.
  • Member, joined since
  • Contributed 198 posts on the community forums.
  • Started 3 threads in the forums
B
B
  • Newbie, joined since
  • Contributed 9 posts on the community forums.

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet