Remove the index.php from your server, and upload a new one from your install pack.
Look also if there are other strange files in your server admin map and root, and remove them.
Also change your admin name and password.

Kids first

I changed the index.php, but the problem reproduces some hours later.

I changed the administrator name and password of the admin dolphin or ftp?

Looks to me like there is another script somewhere in that map that needs to be removed.

Kids first

you need to most likely look at all index.php files. if you have shell access you can do a search string for any words ending in *.ru as i see this is apparently coming from our friends in Russia. basically i would take the site offline, pull all of the index.php files down and do a diff on them with what is in the default.

Regards,
DosDawg
When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support

more than that, you need to read your logs and determine how access was gained. most likely a compromised ftp login, as that has been done a few times over the past year or so. also, may want to consider updating your server config to suPHP, this will help some. you can set auth requirements on ftp as well. it's all a PITA, but you can get through it, it's not the end of the globe.

Regards,
DosDawg

if you are going in on shell, and searching the files for the <iframe> tag i think you will find all the files that are infected. i do not believe that these are executables that can infect your local machine, as i don't see an exe call on your post from earlier. nor do i think you would be in harm's way if you FTP'd the files down, and edited them all at the same time. there is an alternate to either one of these, you can download and install Notepad++ grab the plugins, most specifically the ftpsyn plugin. you can then setup an ftp connection directly into the server, and edit each of the files remotely, because these are source code files, i think you are more than safe from worrying about infecting your machine.

Regards,
DosDawg

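An added example, not part of any post in this thread: a shell sketch of the two checks suggested in the posts above (diffing the live files against the default install pack, and searching the files for `<iframe` tags). The function name `audit_tree`, the directory layout and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# audit_tree CLEAN_DIR LIVE_DIR  (hypothetical helper, not a Dolphin tool)
# CLEAN_DIR: unpacked install pack; LIVE_DIR: copy of the files from the server.
# Prints one finding per line:
#   EXTRA <path>     file is not present in the install pack
#   MODIFIED <path>  file differs from the install-pack copy
#   IFRAME <path>    file contains an <iframe tag (case-insensitive)
audit_tree() {
    clean=$1; live=$2
    ( cd "$live" && find . -type f \
        \( -name '*.php' -o -name '*.html' -o -name '*.js' \) | sort ) |
    while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            echo "EXTRA $rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            echo "MODIFIED $rel"
        fi
        if grep -qi '<iframe' "$live/$rel"; then
            echo "IFRAME $rel"
        fi
    done
}

# Constructed sample trees: one injected index.php and one unknown script.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/clean/admin" "$tmp/live/admin"
    printf '<?php echo "home"; ?>\n' > "$tmp/clean/index.php"
    printf '<?php echo "admin"; ?>\n' > "$tmp/clean/admin/index.php"
    cp "$tmp/clean/admin/index.php" "$tmp/live/admin/index.php"
    printf '<?php echo "home"; ?>\n<IFRAME src="http://example.invalid/" width=1 height=1></IFRAME>\n' \
        > "$tmp/live/index.php"
    printf '<?php /* unknown file */ ?>\n' > "$tmp/live/admin/tmp_x.php"
    audit_tree "$tmp/clean" "$tmp/live"
    rm -rf "$tmp"
}

demo
```

EXTRA and MODIFIED also list files that legitimately changed after install (configuration, uploads), so each hit needs a look before anything is deleted.
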
They most likely are hacking it through the "Guest book", as was the case with my site. This is a hole in dolphin 6.1.6; you need to re-name it through the code, not in dolphin admin, as this will not work. When my site was hacked there were several re-directs but stopped at www.globalmixgroup.cn. I hope this is of help to you... good luck...

howard29