FoU clan site hacked!
-
- Posts: 1835
- Joined: Thu Feb 17, 2022 8:24 pm
Hehe good and proper. Well hats off to 'em.Perfect.BR are a group of Brazilian site defacement hackers who find backdoors in Apache using sites (which ours is) and then redirects every single URL to one of their templates. Such as the one we had or "You were owned by Perfect.BR" etc.From what I've managed to find out about them, in a recent hacking competition where the goal was to hack as many sites as possible during a certain weekend they won with 192 points (over 2.5 times that of 2nd place). So they do know what they're doing.Here's a couple of sites with info on them:http://www.dominasecurity.com/hackerz/p ... try9366And I know the majority of you don't use pHp but to those who do, or intend to at some point I think I've found where they got in and for users of phpnuke 6.x you will need to open up your '/modules/News/index.php' file and find:[code:1:f6e3c36aa0]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; if ($score) {if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie);}for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) {$a = 1; }}if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1");} else { $result = sql_query("update ".$prefix."_stories set score=score+$score,ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options");} } else {include("header.php");title("$sitename: "._ARTICLERATING."");OpenTable();echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>";CloseTable();include("footer.php"); }}[/code:1:f6e3c36aa0]Then replace with:[code:1:f6e3c36aa0]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; $score = intval($score); if ($score) { if ($score > 5) { $score = 5; } if ($score < 1) { $score = 1; } if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND$score != 5) { Header("Location: index.php"); die(); } if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie); } for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) { $a = 1; } } if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1"); } else { $result = sql_query("update ".$prefix."_stories setscore=score+$score, ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options"); } } else { include("header.php"); title("$sitename: "._ARTICLERATING.""); OpenTable(); echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>"; CloseTable(); include("footer.php"); }}[/code:1:f6e3c36aa0]Everything should be all back up and running now (finally!) but please be on the lookout for any bugs or errors that you find and let me know so I can fix them. Thanks.errm yes.... lol jees why do they hack sites.. thats stupid
-
- Posts: 715
- Joined: Thu Feb 17, 2022 8:24 pm
-
- Posts: 1835
- Joined: Thu Feb 17, 2022 8:24 pm
They didnt hack html based code, they hacked PHP based cose and PHP based code is nothing like HTML, trust me PHP is to hard for your lil brain Pain.
I work at burger king making flame broiled whoppers I wear paper hats. Would you like an apple pie with that? Would you like an apple pie with that? Ding!! Fries are done. Din