Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th August 2008, 13:55
kassie kassie is offline
Senior Member
 
Join Date: May 2007
Location: Johannesburg, South Africa
Posts: 136
Thanks: 13
Thanked 0 Times in 0 Posts
Default HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE

Hi All,

I got the following message on all my Joomla Sites

HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE

Is there any way they could get past my server stuff or do you think it is a Joomla problem.
I have the Perfect Ubuntu 8.04 with ISPConfig 2.2.24
Reply With Quote
Sponsored Links
  #2  
Old 10th August 2008, 14:48
torusturtle torusturtle is offline
Senior Member
 
Join Date: Apr 2006
Posts: 296
Thanks: 21
Thanked 24 Times in 16 Posts
Send a message via ICQ to torusturtle Send a message via AIM to torusturtle
Default

Quote:
Originally Posted by kassie View Post
Hi All,

I got the following message on all my Joomla Sites

HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE

Is there any way they could get past my server stuff or do you think it is a Joomla problem.
I have the Perfect Ubuntu 8.04 with ISPConfig 2.2.24
Is your Joomla up to date?
My guess is that it is only Joomly that was hacked.

But you should check the rest of the system.

Also always use strong passwords and when login in through SSH check the fingerprint to prevent man in the middle attacks.
Reply With Quote
  #3  
Old 10th August 2008, 15:00
kassie kassie is offline
Senior Member
 
Join Date: May 2007
Location: Johannesburg, South Africa
Posts: 136
Thanks: 13
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by torusturtle View Post
Is your Joomla up to date?
My guess is that it is only Joomly that was hacked.

But you should check the rest of the system.

Also always use strong passwords and when login in through SSH check the fingerprint to prevent man in the middle attacks.
I had a look, it is only the joomla sites, all other sites are still fine (html & flash)


Quote:
Originally Posted by torusturtle View Post
Also always use strong passwords and when login in through SSH check the fingerprint to prevent man in the middle attacks.
How can i do this??
Reply With Quote
  #4  
Old 10th August 2008, 16:37
torusturtle torusturtle is offline
Senior Member
 
Join Date: Apr 2006
Posts: 296
Thanks: 21
Thanked 24 Times in 16 Posts
Send a message via ICQ to torusturtle Send a message via AIM to torusturtle
Default

Quote:
Originally Posted by kassie View Post
How can i do this??
Strong passwords have at least 8 characters of this kind:
- small letters a-z
- capital letters A-Z
- numbers 0-9

and even stronger with:
- special characters: + = ( ) * # etc.

Don't use the same password for different logins.

When connection to the server the client checks the fingerprint of the server. if it is new or has changed the client will ask you if you want to accept it.

Check if the fingerprint is correct.

You can get the right value on your server by using
Code:
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
If the fingerprint is not the same then the changes are that someone is pretending to be your server and would gain the password when you enter it.
Reply With Quote
  #5  
Old 11th August 2008, 23:46
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Aditionally, you should check your system with some rootkit scanners regularily:

http://www.howtoforge.com/faq/1_38_en.html
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 12th August 2008, 20:24
Voyageravv Voyageravv is offline
Junior Member
 
Join Date: Aug 2007
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Disable allow_furl_open and allow_furl_include from your php.ini

restart apache (/etc/init.d/apache2 restart)

copy all images (jpg, gifs, and bmps) and configuration.php from your /images folder and delete entire joomla site

Reinstall Joomla

copy your old configuration.php to your root, an restore your images to your original folder...

delete install folder...

And good luck!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 20:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.