[Solved] Hacked!

Support for IntegraMOD 141

Moderator: Integra Moderator

PostAuthor: monkey » Wed Mar 12, 2008 2:08 am

Your phpBB Version: 2.0.
phpBB Type: Standard phpBB
MODs: No
Your knowledge: Beginner
Board URL: http://www.twitchythumbs.co.uk/integra

PHP Version:
MySQL Version:


What was done before the problem appeared?
Nothing


What was done to try to solve the problem?
Renamed "index.php" in my root. Uploaded "auth.php" from the integra download to the /integra folder.



Description and Message

Help!

I've been hacked, somehow.

I've no further information, can anyone help please?

I'm a complete and utter newbie with things like this, so please be gentle with me, and put any instructions into the same language as you'd use for a 5 year-old.

Thanks!

Re: Hacked!

PostAuthor: CaNNon » Wed Mar 12, 2008 6:33 am

Do you have a backup of your files?

Looks like they have injected something to display that message. In this case, if that's found and removed from the code, you have a really good chance everything will still work.

You need to check the files. Was index.php still working when you renamed it?
If so, and you can get into admin, the file checksum feature in CT will tell you which files have been changed, if you have been keeping that up to date. Also, in the CT logs you may find what files have had attempts at them; good chance that could help you find what was changed too.

Also, most sites have error logs and tracking logs in the root of the site; they can tell you what files they accessed too.

If you can't find it, PM me. If you don't mind allowing me access, I can spare a little time tonight to help you.

PostAuthor: monkey » Thu Mar 13, 2008 3:00 am

Nope, the index file was changed also.

I can't get into the admin console as /integra/admin also doesn't work....

Re: Hacked!

PostAuthor: found it » Thu Mar 13, 2008 3:51 am

Has your config file changed ..... if it has upload a new one with your database details etc and chmod it to 644....

if it was left at 666 that is how they got in... did it to me a year ago... upload a new index.php file as well then go from there...

let us know

:mrgreen:
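The two checks suggested in the replies above (compare file checksums against a known-good copy, and make sure config.php is 644 rather than 666), as an added shell example that is not part of the original posts or of IntegraMOD/CT. It assumes shell access with GNU coreutils; the function names, file names and file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (sha256sum) and a POSIX find.

# Files that group or others may write (mode 666 is the case from the thread).
loose_perms() {
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) | sort
}

# Reset those files to 644: owner read/write, everyone else read-only.
tighten_perms() {
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) -exec chmod 644 {} +
}

# Write a SHA-256 manifest of a known-good tree to stdout.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Files listed in the manifest ($2, absolute path) whose content changed or
# that are now missing from the live tree ($1).
changed_files() {
    ( cd "$1" && sha256sum -c --quiet "$2" 2>/dev/null | sed -n 's/: FAILED.*$//p' )
}

# Files in the live tree that the manifest has never seen (e.g. a dropped script).
new_files() {
    known=$(mktemp)
    sed 's/^[0-9a-f]*  //' "$2" | sort > "$known"
    ( cd "$1" && find . -type f | sort ) | comm -13 "$known" -
    rm -f "$known"
}

# Constructed demo tree: a stand-in for a forum folder, not real site files.
demo() {
    root=$(mktemp -d); manifest=$(mktemp)
    printf '<?php // db settings\n' > "$root/config.php"
    printf '<?php // board index\n' > "$root/index.php"
    make_baseline "$root" > "$manifest"
    chmod 666 "$root/config.php"                      # the risky mode
    printf '<?php // defaced\n' > "$root/index.php"   # simulated tampering
    printf 'x\n' > "$root/extra.php"                  # file not in baseline
    echo "writable by others:"; loose_perms "$root"
    echo "changed:";            changed_files "$root" "$manifest"
    echo "new:";                new_files "$root" "$manifest"
    tighten_perms "$root"
    echo "still loose: $(loose_perms "$root" | wc -l)"
    rm -rf "$root" "$manifest"
}
demo
```

The manifest has to be made from a clean copy (a fresh download or a backup) and kept outside the web root, otherwise whoever changed the files could have changed it too.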

Re: Hacked!

PostAuthor: Helter » Thu Mar 13, 2008 8:16 am

also, add this to your forum root. If you already have an htaccess in your forum root, just copy the code to your current one
Code: Select all
<Files>
Order Allow,Deny
Deny from All
</Files>
<Files>
Order Allow,Deny
Deny from All
</Files>
Attachments
.htaccess.zip
(185 Bytes) Downloaded 237 times
Last edited by Helter on Thu Mar 13, 2008 4:58 pm, edited 1 time in total.

Re: Hacked!

PostAuthor: CaNNon » Thu Mar 13, 2008 3:17 pm

Zip's empty 8)

PostAuthor: monkey » Tue Mar 18, 2008 2:21 am

Hi Helter,

I've added the .htaccess file to the root of the integra folder as you've mentioned. The only difference that I could see that this has made is the following: when you go to http://www.twitchythumbs.co.uk/integra you now get an Error 500 - Internal Server message. I've had a look at the config.php file and it looks like the Hacker was using this as his 'Hacker Screen', as this contains the text that loaded up initially with his stupid hacker message.

Unfortunately the only access we have to our site currently is via FTP; there is no method for us to log in to the site as normal. What can we do?

One other thing too: the usual URL for our website is http://www.twitchythumbs.co.uk, which is coming up with Error 403 - Forbidden. It was only when we stuck integra on the end of the URL (so http://www.twitchythumbs.co.uk/integra) that the hacker screen appeared, but as mentioned above this now shows an Error 500 screen.

Any help and advice greatly appreciated.

Re: Hacked!

PostAuthor: found it » Tue Mar 18, 2008 3:42 am

replace your config file with a new one with your database details as shown below...

Code: Select all
<php>


once this is done you should be able to see your site and login.... make sure you set the file to 644


if you make a file called index.php and add this into it.. upload to your root unless you have info at http://www.twitchythumbs.co.uk then please ignore

Code: Select all
<phpheader>


this will redirect any user who types in http://www.twitchythumbs.co.uk to www.twitchythumbs.co.uk/integra

let us know

:mrgreen:

Re: Hacked!

PostAuthor: CaNNon » Tue Mar 18, 2008 10:41 am

Did you save a copy of that config.php?
I would like to have a look at it.

PostAuthor: monkey » Tue Mar 18, 2008 1:01 pm

@CaNNon, no sorry I deleted it as I was that fuming about this stupid hacker and his stupid screen.

@found it Thanks for these files; however, the index.php that I have is massive. Where does this entry need to go, anywhere in particular?

Also with regard to the config.php file where this entry is listed:

$table_prefix = 'phpbb_';

Do I need to add anything to it?

Re: Hacked!

PostAuthor: found it » Tue Mar 18, 2008 4:01 pm

Quote:
@found it Thanks for these files; however, the index.php that I have is massive. Where does this entry need to go, anywhere in particular?

this is only to be used at the root of your site if you want to redirect your site to your integramod folder..

Quote:
Also with regard to the config.php file where this entry is listed:
$table_prefix = 'phpbb_';
Do I need to add anything to it?

This is for your database tables if you installed integramod as normal then there is no need to change these tables...

:mrgreen:

PostAuthor: monkey » Wed Mar 19, 2008 11:55 am

Still not having any joy unfortunately. I was just wondering if my config.php file needed any mention of the URL at all for the site?

Re: Hacked!

PostAuthor: CaNNon » Wed Mar 19, 2008 1:27 pm

config.php stores info to connect to the db. shouldn't need any site paths but the info must be correct.

Re: Hacked!

PostAuthor: JohnnyTheOne » Thu Mar 20, 2008 12:30 pm

you can limit connections to the integra part of your site by adding an ".htaccess" file with the following contents in the integra directory:

<Limit>
order deny,allow
deny from all
allow from 127.0.0.1
</Limit>

You will need to replace the "127.0.0.1" with your IP address. If you do not know your IP address go to:

http://www.dslreports.com/whois

You may add an additional "allow from..." line to specify the IP address for every user authorized to access the integra pages.

Because most ISPs assign dynamic IP addresses, you will need to update the ".htaccess" file whenever you find you can no longer access the integra part of your site. You will also need to change it using your FTP client or ISP file manager interface when accessing your site on the road or from a borrowed computer.

Re: Hacked!

PostAuthor: Helter » Sat Mar 22, 2008 9:11 am

your htaccess was incomplete

changed post to [solved] Let us know if you have any more troubles
