Hacked?

E

Egoista

Up-and-Coming Sensation
Joined
Oct 12, 2012
Messages
278
Reaction score
0
FP$
2
Hey so my forum, VERLETA.NET redirects to an "Airsoft Warbox" forum.
Checked .htaccess everything seems to be normal.
Checked index.php and index.template.php and everything is fine.


What do I do?
 
After looking at your forums source, the issues is here

Code: 
<td class="info">
						<a class="subject" href="http://verleta.net/announcements/?PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8" name="b2">Announcements</a>

						<p><script type="text/javascript"/>document.location='http://airsoftwarbox.com/index.php';</script></p>
					</td>
					<td class="lastpost windowbg">
						<p><span><a href="http://verleta.net/profile/?u=1;PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8">Egoista</a>	in <a href="http://verleta.net/announcements/httpwww-airsoftwarbox-com/msg138/?PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8#new" title="http://www.airsoftwarbox.com">http://www.airsoftwarbox...</a></span><br />
						March 23, 2013, 09:42:38 PM
						</p>
					</td>
Try and access the ACP and clear the description of the announcement forum
Code: 
<script type="text/javascript"/>document.location='http://airsoftwarbox.com/index.php';</script>
That is the issue and seems to be in the forum description. It only redirects on the index page. Topics are fine for example - http://verleta.net/announcements/httpww ... arbox-com/
 
I just want to throw in that I own Airsoft Warbox, and I have not hacked or done anything to affect your forum. I'm very sorry what has happened to your forum. It looks like someone is trying to make it look like I am a hacker, and ruin my reputation. :/
 
This actually happened to another forum I was suppose to do a post exchange on.
 
Fowler said:
After looking at your forums source, the issues is here

Code: 
<td class="info">
						<a class="subject" href="http://verleta.net/announcements/?PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8" name="b2">Announcements</a>

						<p><script type="text/javascript"/>document.location='http://airsoftwarbox.com/index.php';</script></p>
					</td>
					<td class="lastpost windowbg">
						<p><span><a href="http://verleta.net/profile/?u=1;PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8">Egoista</a>	in <a href="http://verleta.net/announcements/httpwww-airsoftwarbox-com/msg138/?PHPSESSID=4cbaf664e3efa5b465e9a4c6a9f698b8#new" title="http://www.airsoftwarbox.com">http://www.airsoftwarbox...</a></span><br />
						March 23, 2013, 09:42:38 PM
						</p>
					</td>
Try and access the ACP and clear the description of the announcement forum
Code: 
<script type="text/javascript"/>document.location='http://airsoftwarbox.com/index.php';</script>
That is the issue and seems to be in the forum description. It only redirects on the index page. Topics are fine for example - http://verleta.net/announcements/httpww ... arbox-com/
Click to expand...

Thank you that was extremely helpful, I was looking for the HTML version of a redirect, didn't think it'd be Javascript. +Rep

Eternal said:
I just want to throw in that I own Airsoft Warbox, and I have not hacked or done anything to affect your forum. I'm very sorry what has happened to your forum. It looks like someone is trying to make it look like I am a hacker, and ruin my reputation. :/
Click to expand...

It's alright, I was thinking to myself "There's no way he would've done that." It's all good, though, at least nothing drastic happened and I was able to recover pretty much everything.
 
Make sure to run a validation test, check your server logs, and look for any shells. You can just compare the default files in the SMF package to what's currently on your server. Make sure to check EVERY directory. I'm sorry to hear about this. 🙁
 
As Pandaa suggested, look at your files. Contact your host and have them scan your account for any malicious files or coding within the files. 🙂
 
Also change the password and don't reuse your passwords either. A trick I have seen a few times over the years is someone setting up a forum for the purpose of harvesting user logins hoping that they reuse that login information elsewhere.

Glad you got it sorted 😀
 
Not only change your password to your forum but also to your CPanel just in case.

I don't know why people think they can hide anonymously and try to use/make out someone else hacked an site.

Also Re Install Mybb in case its done anything else.
 
If you've still not gotten rid of it, because it's JS, you can disable JS, go in and remove it, and then reenable JS.
 
Spudster said:
Not only change your password to your forum but also to your CPanel just in case.

I don't know why people think they can hide anonymously and try to use/make out someone else hacked an site.

Also Re Install Mybb in case its done anything else.
Click to expand...

I did this as soon as everything was back to normal. Thanks for the suggestion.

Jake said:
If you've still not gotten rid of it, because it's JS, you can disable JS, go in and remove it, and then reenable JS.
Click to expand...

Thank you. I bought XenForo so Im changing a lot. I will disable all JS and HTML, thanks for the suggestion.
 
Also if they only used JS and it's still there then Goto Browser -> Browser Settings -> Disable JS
 
You must log in or register to reply here.

About Us

Since 2007, Forum Promotion has specialized in providing advertising solutions to webmasters looking to promote their communities. We pride ourselves in being the bridge that connects forum administrators, bloggers, and more.

Sponsors

Affiliates

    Universal Gaming The Coffee House

Stay Connected

Back
Top Bottom