hacking website

Thought number 1
Δεν θα πάρετε ούτε Θεσσαλονίκη ούτε Ξάνθη ούτε Κρήτη... τόσο απλά υποανάπτυκτοι Γκρίζοι λύκοι!
Thought number 2
What's the version of Dolphin you run?

version 6.1.6

Unfortunately this appears to be a server compromise
using the classiic shell script. Could be wrong on that one.
The other option is a compromised FTP login. If the logs were not erased you may be able to see the point of access.

You should be able to replace your index.php file if in fact it was overwritten most likely an index.HTML has been loaded and it would load before the .php file

change your FTP password do not store the password to your computer

ask your host to take a look at see more the server to see if possibly a root kit has been loaded

find out if your site was the only one affected on that server

last effort move to a more secure hosting environment

I would not consider this a problem with the script itself

regards,
DosDawg

1. a local server
2. FTP access only for another drive
3. No other site is on the server is not affected
4. How else can replace files?

What version of php do you have ?
And what are the settings for the following options:
register_globals
allow_url_include

I'm curious who this 1923turk grup is. A search only returns hits of the sites that have been hacked. They seem to have a lot of ambition.

It's not clear if they have some sort of agenda, or do this just because they can.

If your on a vps you could load up mod_geoip compile it in Apache ..and use the htaccess to block the countries you dont want like
GeoIP ON
SetEnvIF GEOIP_COUNTRY_CODE CN BlockThese

or if your on a shared enviroment see

http://www.blockacountry.com/

just be careful of the htaccess file size..dont let it get too big.

tottaly blocking turkey off won't work (except for the ethical part, hack groups can always use proxys)

A few years back a lot of dolphin hackers and related sites had some form of Turkey connection. There were forums, and maybe there still are that talked about hacking dolphin sites. There seems to be some countries that you hear about this originating from more than others. I don't know that it is fair to single out entire countries for a handful of bad seeds, but some do it anyway.

There used to be and probably still are hacking competitions. They would change and deface the main page with there see more little screen name or group like the screen shot you have posted. I hear about things like this sometimes being done by competing sites, but not very often.

I see a number of sites that do not allow members from certain countries, like parts of Asia, the Mid East, and some country's in Africa. It's ones choice to single them out, block them, or whatever, but last time I checked the U.S. was ranked #1 for hackers, spammers, phishing schemes, you name it.

If it is on wamp one of the things windows tends to do is make all files and folders writable and executable by default rather than read only.

Best of luck, hope you get it squared away and locked down.

blocking certain countries now they've found you wont help... but for those who sites havent been hacked theres a good chance they havent found you yet.

You dont think they sit there scouring the internet for sites to hack? No they send out bots to do the job...so block those bots b4 the real hackers come.