Results 1 to 10 of 10
  1. #1

    My site was hacked. Need help

    My site is

    I can find were he inserted the code. When I view the source his code is added at the very bottom. Here is his code. I looked at all the files in the public_html folder but I can't find the code to delete it. It is a phpnuke site with no forum.

    <div style="position:absolute; left: 1; top: 0; background-color: black; width: 1000;height: 5000;color: white"></font>
    <title>HaCKeD By BeLa & BodyGuarD</title>
    <img border="0" src="" width="223" height="136"><b><font face="Monotype Corsiva" size="7">
    <body leftmargin="0" topmargin="0">
    <div align="center"><b><font color=#ffffff face=Verdana size=8>HaCKeD By BeLa</font></b><p><b><font color=#ffffff face=Verdana size=8></font></b></p>
      <b><p style="filter: glow; height: 20px"><font color=#ffffff face=Verdana size=5>SpeciaL Thanx : BodyguarD</font><font size="5"></center><br>
      <div align="center"><font color=porange face="Verdana" size="3">
        <a href="mailto:[email protected]">[email protected]</a> </font>
        <p><font color=green face=Verdana size=3><font color=porange>&nbsp;<a href="mailto:[email protected]">[email protected]</a><br></font>
    <div align="center"><font color=orange face=Verdana size=3>Greatz // Thanx // Tesekkürler
      <p><font color=orange face=Verdana size=3>
    <font color=red face="Comic Sans MS" style="font-size: 10pt">iskorpitx & Metlak & Thehacker & 
      SecretlyX &amp; SuSKuN </font>
    <font color=red face="Comic Sans MS" style="font-size: 10pt" size="3">PoWeRFuL & BadgeR & NeT_TeRoRsS&nbsp; 
      &amp; Vatan</font></p>
      <p><font color=orange face=Verdana size=3></p>

  2. #2
    Oh, I see a lot more code when I open your website's index. Anyway, if you have an .htaccess file - start there, look at the code. Then check the code of your index file. It shouldn't be that difficult to undo the damage, but keeping your site safe after that would be the tricky part. Update you phpNuke. And if you want to make it more secure, don't use phpNuke, there are other CMSs that are much better in security.
    FreeHostia - the Net is free by nature!
    FreeHostia provides both free and paid hosting services with great quality and amazing 24/7 support.

  3. #3
    Join Date
    Aug 2004
    Does your host have a backup? It would be easiest just to ask them to restore the latest backup prior to when your site was hacked. Many hosts keep daily, weekly, and monthly backups.
    Celebrating 9 years of customer service. Domain names, shared/semi-dedicated/dedicated hosting, SSL certificates, merchant accounts, reseller options, and referral program, since July 2000.

  4. #4
    Was your site on some kind of CMS such as phpnuke, mambo or joomla?

    Perhaps it was a shopping cart?

    If that was the case it can be due to your site version simply being outdated and had security holes.

    I will also recheck your permissions of your folders and files to make sure they are secured.
    Psychz Networks - Enterprise Servers & Data Center Professionals
    ★24/7 On-Site Support - Premium Server Hardware
    ★Facilities: Los Angeles, CA - Dallas, TX | Tier-4 Data Centers
    ★Dedicated Servers - Colocation - Psychz DDoS-Shield™ On-Premise Mitigation

  5. #5
    Join Date
    Aug 2006

  6. #6
    Well I got it fixed. He didn't replace any php file, he actually edited my nuke_config table. I couldn't find one file that was changed so I thought the database. I went to phpmyadmin and searched for "Special Thanx" which is some text the hacker displayed on my site, and I found it. He put some html code in the "foot1" field of the nuke_config. I guess I am going to tighten security. There are a lot a phpnuke features and mods I have that I don't use. I am going rip out everything I don't need so there is less features to exploit. I have 7.8 phpnuke though and No Forum modules exist. I wish I knew what he exploited. I don't want to change anything because I like this site and put some work into it.

  7. #7
    Oh one more thing. Is there a way I set a database or a section of a database to not allow being written to temporarly.

  8. #8
    Join Date
    Aug 2004
    You might try searching for a better solution.
    Celebrating 9 years of customer service. Domain names, shared/semi-dedicated/dedicated hosting, SSL certificates, merchant accounts, reseller options, and referral program, since July 2000.

  9. #9
    Join Date
    Apr 2002
    get php mod security installed and update your php nuke.
    basic exploits
    keep up to date by checking - Liverpool Web Design - Liverpool Clubbing

  10. #10
    Join Date
    Aug 2006
    Can I ask why you made two threads about this?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts