Thought number 1
Δεν θα πάρετε ούτε Θεσσαλονίκη ούτε Ξάνθη ούτε Κρήτη... τόσο απλά υποανάπτυκτοι Γκρίζοι λύκοι!
Thought number 2
What's the version of Dolphin you run?
Unfortunately this appears to be a server compromise
using the classiic shell script. Could be wrong on that one.
The other option is a compromised FTP login. If the logs were not erased you may be able to see the point of access.
You should be able to replace your index.php file if in fact it was overwritten most likely an index.HTML has been loaded and it would load before the .php file
change your FTP password do not store the password to your computer
ask your host to take a look at see more the server to see if possibly a root kit has been loaded
find out if your site was the only one affected on that server
last effort move to a more secure hosting environment
I would not consider this a problem with the script itself
If your on a vps you could load up mod_geoip compile it in Apache ..and use the htaccess to block the countries you dont want like
GeoIP ON
SetEnvIF GEOIP_COUNTRY_CODE CN BlockThese
or if your on a shared enviroment see
http://www.blockacountry.com/
just be careful of the htaccess file size..dont let it get too big.
A few years back a lot of dolphin hackers and related sites had some form of Turkey connection. There were forums, and maybe there still are that talked about hacking dolphin sites. There seems to be some countries that you hear about this originating from more than others. I don't know that it is fair to single out entire countries for a handful of bad seeds, but some do it anyway.
There used to be and probably still are hacking competitions. They would change and deface the main page with there see more little screen name or group like the screen shot you have posted. I hear about things like this sometimes being done by competing sites, but not very often.
I see a number of sites that do not allow members from certain countries, like parts of Asia, the Mid East, and some country's in Africa. It's ones choice to single them out, block them, or whatever, but last time I checked the U.S. was ranked #1 for hackers, spammers, phishing schemes, you name it.
If it is on wamp one of the things windows tends to do is make all files and folders writable and executable by default rather than read only.
Best of luck, hope you get it squared away and locked down.
blocking certain countries now they've found you wont help... but for those who sites havent been hacked theres a good chance they havent found you yet.
You dont think they sit there scouring the internet for sites to hack? No they send out bots to do the job...so block those bots b4 the real hackers come.
Δεν θα πάρετε ούτε Θεσσαλονίκη ούτε Ξάνθη ούτε Κρήτη... τόσο απλά υποανάπτυκτοι Γκρίζοι λύκοι!
Thought number 2
What's the version of Dolphin you run?
using the classiic shell script. Could be wrong on that one.
The other option is a compromised FTP login. If the logs were not erased you may be able to see the point of access.
You should be able to replace your index.php file if in fact it was overwritten most likely an index.HTML has been loaded and it would load before the .php file
change your FTP password do not store the password to your computer
ask your host to take a look at see more
2. FTP access only for another drive
3. No other site is on the server is not affected
4. How else can replace files?
And what are the settings for the following options:
register_globals
allow_url_include
he is running from home, so i would say its 5, cant imagine running a wamp from home and using 4?
if register globals were on from the install it would have complained severely, but then again, that warning my have went unheeded.
Regards,
DosDawg
It's not clear if they have some sort of agenda, or do this just because they can.
GeoIP ON
SetEnvIF GEOIP_COUNTRY_CODE CN BlockThese
or if your on a shared enviroment see
http://www.blockacountry.com/
just be careful of the htaccess file size..dont let it get too big.
There used to be and probably still are hacking competitions. They would change and deface the main page with there see more
You dont think they sit there scouring the internet for sites to hack? No they send out bots to do the job...so block those bots b4 the real hackers come.