Results 1 to 27 of 27
  1. #1

    GOT HACKED - need Easy help- PLEASE POST!

    Ok my website got hacked, and every incorrect or "not found " url like redirects to this HUGE foreign website ( like 50 000 members )

    paintballuploads is a public upload website and i think they uploaded a file to make it to this, so what file name would that be or how can i make it not do that? thanks! and reply asap please!

    Thanks in advance!

  2. #2
    Join Date
    Oct 2001
    Check the .htaccess in your home directory to see if they may have added some mod_rewrite rules.

  3. #3
    there is no .htaccess file(s) ...... thanks for the try, but i could have sworn i saw it before, is there any way they hid it? I cant find it and this host doesnt have cpanel, so he couldnt have gone in a cpanel.

    Thanks to all who help its VERY appreciated.

  4. #4
    Join Date
    Oct 2002
    They setup a 302 redirect to move all traffic to that board. If you visit the site with Sam Spade it shows the info below. Sorry, I haven't the foggiest how to fix but maybe this info will help somebody who can....

    HTTP/1.1 302 Found

    Date: Fri, 22 Jul 2005 05:23:59 GMT

    Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) PHP/4.3.11 mod_ssl/2.8.14 OpenSSL/0.9.7g mod_perl/1.29 FrontPage/


    Connection: close

    Transfer-Encoding: chunked

    Content-Type: text/html; charset=iso-8859-1


    <TITLE>302 Found</TITLE>
    The document has moved <A HREF="">here</A>.<P>
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  5. #5
    i dont really understand the above, still hoping for a fix, thanks!

  6. #6
    Did you check to make sure this is not a meta redirect?

    Just a thought.

  7. #7
    i have on my index.php , but it doesnt really matter, just type all pages that arent found are redirected to there.Maybe is it an error page edited to redirect there? if so please tell me how to fix. Thankks

  8. #8
    registered so I could reply to ya

    If you suspect they uploaded a file that would do this, check logs, or just look at your file list sorted by when it was uploaded. Look at files uploaded around the time this started.

    Also, I noticed the moment you hit a bad URL it redirects to the other domain. It's never loading an error page on the client as far as I can tell, rather immediately redirecting to that domain.

    Does your host have good customer service? Perhaps they can help.
    Last edited by justwannahelp; 07-22-2005 at 01:40 AM.

  9. #9
    My thinking would be that the file that is doing the redirect woulc be were ever the images are uploaded too. Because the index.php is working fine. Just another thought.

  10. #10
    ya i have checked and deleted suspicious files , no luck, ifound this url on a chines/foreign website,

    Although i went to my /1/ file and there is no subfile or any file named or close to yuanma , but click the link i think that is whats it.

  11. #11
    Also you could look at this:

    Page Hijack: The 302 Exploit, Redirects and Google

    Hope this might help.

  12. #12
    no luck. im blocking as much as i can with a php scipt


    if ($_SERVER['HTTP_REFERER'] == "") {
    echo "Message to BLOCKED USERS HERE.";


  13. #13
    Sorry, I wish I could be of more help. But without actually see the server or dir through ssh or something hard to say. I would say to contct the host and have them investigate.

  14. #14
    anyone help please! thanks

  15. #15
    Somewhere in the script somerthing has been modified only way we can take a look is access in the files.

  16. #16
    i just got hacked the last thing i want to do is for someone to have access or see my files, but im contacting my host about this . thanks though

  17. #17
    Join Date
    Feb 2004
    i am not a techie but this could help you.

    It seems to me all 404 are redirected to the other site. So check for default location of 404 landing is changed somewhere in your .htaccess or apache.

    Hope this helps

  18. #18
    Join Date
    Feb 2004
    here is htaccess syntex for redirect of 404
    ErrorDocument 404

  19. #19
    Join Date
    Feb 2003
    either .htaccess, or httpd.conf file might have been modified to redirect all error pages. You might as well check that.

  20. #20
    Join Date
    Jan 2003
    As was originally suggested, look into the .htaccess

    You said you can't find one on the site but that doesn't mean its not there. Many FTP clients will hide those files by default (ie. WS_FTP) and you need to enable it. You may need to enable "show hidden files" or use the -a switch to show all hidden files (found under options).

  21. #21
    Join Date
    Jun 2004
    Bay Area -USA
    If you're using windows explorer to FTP, sometimes it doesnt show the .htaccess file.

    Try using smartFTP and look for a .htaccess.
    <<< Please see Forum Guidelines for signature setup. >>>

  22. #22
    Join Date
    Feb 2003
    Please, please take my advice and HIRE A SECURITY PROFESSIONAL

    It's pointless to fix it if you will still be vulnerable to the same exploit, and chances are you've vulnerable to dozens more you don't even know about.

  23. #23
    Aslo does cpanel have custom error handling? if so I would check that as well.

  24. #24
    Join Date
    Mar 2004
    I think Danx suggestion is the most appropriate, it is no easy help. Get a professional to solve this and harden your server would be the best way.

  25. #25
    Join Date
    Oct 2003
    I think you would be wise not to allow .swf uploads. I remember reading somewhere that these file types can be used to gain unauthorised access, so see if any of those were recently uploaded

  26. #26
    Join Date
    Feb 2003
    Originally posted by nobby nutkin
    I think you would be wise not to allow .swf uploads. I remember reading somewhere that these file types can be used to gain unauthorised access, so see if any of those were recently uploaded
    There was a recent exploit with JPG's, too. It's better to fix than to avoid.

  27. #27
    Also, see if they have placed a file named 404.shtml anywhere. Some Apache configs will use this file for the 404 error page if it is present.

    Edit: Oh! Just noticed that the site has been hacked. Bit of a bigger problem now.
    Last edited by wolseley; 07-24-2005 at 07:46 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts