Sweet16s Posted July 2, 2004 Posted July 2, 2004 Hi there, I think somebody has stole my page, can somebody please help, what do I do about it. heres my site: www.sweet16ssexshop.co.uk Please note this is an adult toys shop it was fine yesterday now it comes up with as stated below when you click the logo to enter my store. F3PN Gr0up Ownz Here We're: OntCx and h4sh [email protected] please help I have worked on my site for 5 months and im loosing business please any help appreciated on how to get it back many thanks in advance
jlevene Posted July 2, 2004 Posted July 2, 2004 Hi, I am quite a newbie here, but can't you just reload your files from your local PC. I presume you have a backup on a local PC? Sorry if this sounds basic. Jeff
Sweet16s Posted July 2, 2004 Author Posted July 2, 2004 Hi, I am quite a newbie here, but can't you just reload your files from your local PC. I presume you have a backup on a local PC? Sorry if this sounds basic. Jeff hi there, thanks for the advice but I have tried that and im getting no where!!!! I think they have done something to my domain kind regards clive
burt Posted July 2, 2004 Posted July 2, 2004 You've been hacked. ms2 doesn't have any glaringly obvious hacker backdoors like older versions of Oscommerce did. The hackers have probably gotten into the Server and run a script to replace all the inex.php pages with their own. The Server therefore is very likely to be compromised. You should contact the Host of your site. Here is another site on the same server: http://www.mudserve.net which shows the same page. Short term , you should just replace the file index.php with a backup of your own. But this will keep happening again and again until the host locks down the server, and makes sure there is no rootkit on it. And obviously he'll need to close the backdoor that is giving the hackers entry!
Acheron Posted July 2, 2004 Posted July 2, 2004 I recall reading about this group a while back. F3PN is based in Brazil and specifically targets Linux systems using root exploits. They don't seem to hack for any reason other than that they can. You can find them on IRC on tornado.phey.net #f3pn
Chris Dunning Posted July 2, 2004 Posted July 2, 2004 This happened to a friend of mine. He had a site hosted on his server that allowed users to upload files - someone uploaded a .jpg file that was not an image but rather a script. This file allowed a hacker to access his server over SSH as root and cause all kinds of damage. Apparently this vulnerability was present in Linux kernel 2.422 or somewhere around there - upgrading to the latest kernel patched it. Chris Dunning osCommerce, Contributions Moderator Team Please do not send me PM! I do not read or answer these often. Use the email button instead! I do NOT support contributions other than my own. Emails asking for support on other people's contributions will be ignored. Ask in the forum or contact the contribution author directly.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.