Results 1 to 13 of 13
  1. #1
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    714

    Hacked? forum is being redirected

    Hello.

    My forum located at: http://f1zone.net/forum is being redirected to: http://guestlistlondon.com/

    WTF is that? What to do?
    sorry, This user doesn't have a signature

  2. #2
    Check the .htaccess file in the 'forum' folder for possible redirects in there.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  3. #3
    Join Date
    Sep 2012
    Location
    Michigan
    Posts
    70
    Most likely you have been compromised. Check the .htaccess to remove the redirect, and then (if you have SSH access) run a malware scan on your site. You most likely have been compromised and there is probably some shells in your installation.

  4. #4
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    714
    OK thanks guys. I found it. I deleted it and running scans now.

    It's interested. In 2009 I was hosted by medialayer, switched to tsohost in 2012 (I guess something happened then). After 3-4 months went back to Medialayer, I got hacked again. And in 2015 I got hacked.

    The website which hacked me is hosted by Tsohost.com it's interesting. I guess the shell has been online since 2012. Geez! going to do some scans now!
    sorry, This user doesn't have a signature

  5. #5
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Red_wolf6 View Post
    OK thanks guys. I found it. I deleted it and running scans now.

    It's interested. In 2009 I was hosted by medialayer, switched to tsohost in 2012 (I guess something happened then). After 3-4 months went back to Medialayer, I got hacked again. And in 2015 I got hacked.

    The website which hacked me is hosted by Tsohost.com it's interesting. I guess the shell has been online since 2012. Geez! going to do some scans now!
    It's most likely nothing to do with the provider but rather what your running within the account.

  6. #6
    Join Date
    Jul 2009
    Location
    The backplane
    Posts
    1,788
    Quote Originally Posted by Red_wolf6 View Post
    It's interested. In 2009 I was hosted by medialayer, switched to tsohost in 2012 (I guess something happened then). After 3-4 months went back to Medialayer, I got hacked again. And in 2015 I got hacked.
    It doesn't matter which host you use if you don't secure your application.

  7. #7
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    714
    How to find the hidden shell now? any script to run it?
    sorry, This user doesn't have a signature

  8. #8
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    A little investigation into your site yields and your running phpBB and the version is from what I can tell appears to be: 3.0.10

    Considering the version within the 3.0.x branch is at 3.0.14 and version 3.1 is already out and onto 3.1.4 you are currently some 9 versions outdated...

    phpBB 3.0.10 was released in 2012 and since then a number of exploits have been found.

    You need to upgrade ASAP.
    Last edited by Server Management; 05-28-2015 at 05:08 PM.

  9. #9
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,703
    phpBB has a lot of exploits.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  10. #10
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by kpmedia View Post
    phpBB has a lot of exploits.
    I guess the odd issue here and there happens with most applications but being the best part of 9 versions out dated your asking for trouble regardless of what you use.

  11. #11
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    714
    Sorry. Double post. Removed....
    Last edited by Red_wolf6; 05-28-2015 at 05:29 PM. Reason: double post
    sorry, This user doesn't have a signature

  12. #12
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Red_wolf6 View Post
    How to find the hidden shell now? any script to run it?
    The version of phpBB your using suffers from SQL injection exploits. It's okay finding something they've planted but it doesnt close the point of entry aka injecting the database. Unless you upgrade to the current 3.1.4 you'll just have problem after problem until your forum is ruined with every table injected and a swiss cheese load of holes.

  13. #13
    Join Date
    Apr 2009
    Location
    New York City
    Posts
    5,169
    Always ensure that your software / applications are always up today and secured as much as possible. Ensure you change your passwords often from time to time.


    I suggest upgrade your forum software to the latest software do so with any other scripts you have on that account / any server. next change all passwords for all your accounts this would include emails , forum accounts, even passwords you use for your computer / on other sites. never know what they have or could of done. Most times when a hosting account is hacked or tampered with it isn't the hosts fault but rather the clients because they used or are using out of date software which can easily be breached by sum1.

Similar Threads

  1. Replies: 7
    Last Post: 03-23-2014, 12:46 AM
  2. public_html folder is being redirected
    By DavidV in forum Programming Discussion
    Replies: 8
    Last Post: 05-11-2007, 02:36 PM
  3. My server is being Hacked! Please help!
    By ahlup in forum Hosting Security and Technology
    Replies: 1
    Last Post: 10-09-2004, 08:07 AM
  4. Help! My server is being attacked!
    By arrty in forum Dedicated Server
    Replies: 22
    Last Post: 08-05-2001, 03:49 PM
  5. Is Being a Reseller a Bad Thing?
    By Laci in forum Web Hosting
    Replies: 28
    Last Post: 09-17-2000, 08:04 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •