HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE

Discussion in 'General' started by kassie, Aug 10, 2008.

  1. kassie

    kassie New Member

    Hi All,

    I got the following message on all my Joomla Sites

    HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE

    Is there any way they could get past my server stuff or do you think it is a Joomla problem.
    I have the Perfect Ubuntu 8.04 with ISPConfig 2.2.24
     
  2. torusturtle

    torusturtle ISPConfig Developer ISPConfig Developer

    Is your Joomla up to date?
    My guess is that it is only Joomly that was hacked.

    But you should check the rest of the system.

    Also always use strong passwords and when login in through SSH check the fingerprint to prevent man in the middle attacks.
     
  3. kassie

    kassie New Member

    I had a look, it is only the joomla sites, all other sites are still fine (html & flash)


    How can i do this??
     
  4. torusturtle

    torusturtle ISPConfig Developer ISPConfig Developer

    Strong passwords have at least 8 characters of this kind:
    - small letters a-z
    - capital letters A-Z
    - numbers 0-9

    and even stronger with:
    - special characters: + = ( ) * # etc.

    Don't use the same password for different logins.

    When connection to the server the client checks the fingerprint of the server. if it is new or has changed the client will ask you if you want to accept it.

    Check if the fingerprint is correct.

    You can get the right value on your server by using
    Code:
    ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
    If the fingerprint is not the same then the changes are that someone is pretending to be your server and would gain the password when you enter it.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. Voyageravv

    Voyageravv New Member

    Disable allow_furl_open and allow_furl_include from your php.ini

    restart apache (/etc/init.d/apache2 restart)

    copy all images (jpg, gifs, and bmps) and configuration.php from your /images folder and delete entire joomla site

    Reinstall Joomla

    copy your old configuration.php to your root, an restore your images to your original folder...

    delete install folder...

    And good luck!
     

Share This Page