04-07-2008, 06:08 AM
Just Registered
Join Date: Jun 2006
Posts: 5
SQL Injection Hack w/fix to problem
Just found one of my directories has been hacked, came across this site that suggests the exploit (http://www.milw0rm.com/exploits/5383), and checked my server logs and this is what was used.
Anyone else had this occur to them, and if so what did you do to fix it?
Update: Had a 2nd directory hacked, this time by a different group, I also restored the database of the first directory, but it was hacked by yet another group only hours later.
For now I've taken them down until I can get a chance to look into it more. If anyone needs server logs to figure out how the hack was done just ask.
Last edited by Shonky : 04-07-2008 at 03:19 PM.
Reason: update

04-08-2008, 07:21 AM
Just Registered
Join Date: Jan 2007
Posts: 2
My directory was hacked also
Hi there,
Just had my directory hacked, I have no idea how to fix it. Any suggestions you have will be greatly appreciated. The server logs would be a good way to start, I guess, so if you can give me the instructions that would be great.
Regards,
Helena

04-08-2008, 08:26 AM
Just Registered
Join Date: Feb 2008
Posts: 8
Yes same here mine was hacked too today. Need a fix!

04-08-2008, 09:04 AM
Clueless
Join Date: Dec 2006
Location: Montana
Posts: 21
More Sites Hacked!
Ours have been hit also (5 sites). Can anyone suggest a fix for this script? We fix the sites and they get injected again. Any suggestions will be appreciated.
For anyone else that has been hit and doesn't know how to fix it: if you have been hacked like us, just log in to your phpMyAdmin and empty the settings, dir_settings, and categories tables in your database, then get your backups out and import the Dumping data for the same tables you emptied.
Good Luck!

04-08-2008, 12:16 PM
Just Registered
Join Date: Feb 2008
Posts: 8
Host fixed it, an hour later it's hacked again by another hacker group... when is that fix coming? Looks like hackers are having a ball with all the Site Sift directory sites!

04-08-2008, 03:17 PM
Just Registered
Join Date: Jun 2006
Posts: 5
After browsing these forums for a bit over the last few days it appears that the devs don't post in here too often so I figure a fix won't be forthcoming any time soon, so rather than wait around for a fix I've gone and bought a license for a different script and will be converting all my directories over to that.
Thanks for the use of your script in the past Site Sift, but I'm moving on.

04-09-2008, 09:59 AM
Clueless
Join Date: Jan 2006
Posts: 13
My directory is also hacked, restored, and again hacked after a few hours.
Any solutions for this?

04-09-2008, 10:03 PM
Just Registered
Join Date: Apr 2008
Posts: 2
Hello All,
I am new here but I had a client of mine contact me tonight with the same issues you have had. After looking at the exploits I figured this is the simplest way to fix it. The exploit is not an injection but it is a query that gets your username and password for the admin and then someone goes in and changes things.
To fix the problem, go to your detail.php page in the main directory, around line 5, right after
PHP Code:
<?php require_once('Connections/myconn.php'); ?>
<?php
$colname_page = "1";
if (isset($_GET['id'])) {
    $colname_page = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
Add these lines:
PHP Code:
// Force the id to an integer before it reaches the query
$var = (int) $colname_page;
$colname_page = mysql_real_escape_string($var);
This will sanitize all the user input and convert all input to an integer.
I hope this helps you out.
Regards,
Phil
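
An added example, not part of the original posts and not Site Sift's code: a triage script for the server logs mentioned earlier in the thread, assuming Apache combined-format access logs. It lists requests to detail.php whose id parameter is not a plain integer, which is the input the (int) cast in the fix above coerces to a number; the log lines and addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: client, identity, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PLAIN_INT = re.compile(r"[0-9]+")  # what a record id should look like


def suspicious_detail_requests(lines, script="detail.php", param="id"):
    """Return (client, time, decoded_value) for each request to `script`
    whose `param` value is not a plain run of digits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group("target"))
        if url.path.rsplit("/", 1)[-1] != script:
            continue
        # parse_qs percent-decodes; keep_blank_values also reports "id="
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if PLAIN_INT.fullmatch(value) is None:
                hits.append((m.group("client"), m.group("time"), value))
    return hits


# Constructed sample lines (documentation IP ranges), not from a real log
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2008:05:58:01 -0700] "GET /detail.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Apr/2008:05:59:14 -0700] "GET /detail.php?id=12%27 HTTP/1.1" 200 311',
    '198.51.100.7 - - [07/Apr/2008:05:59:20 -0700] "GET /detail.php?id=12%20OR%201%3D1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [07/Apr/2008:06:01:02 -0700] "GET /index.php?id=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, when, value in suspicious_detail_requests(SAMPLE_LOG):
        print(f"{when}  {client}  id={value!r}")
```

To run it over a real access log, pass the open file object as `lines`. Values sent in POST bodies are not recorded in access logs and will not be listed.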

04-10-2008, 08:01 AM
Clueless
Join Date: Oct 2007
Posts: 23
Mine has been hacked today, as well!
I tried the code in the above post, but no luck, darn it!
I guess I'm going to have to switch scripts too - this is sooo frustrating.
Joanne

04-10-2008, 08:12 AM
Just Registered
Join Date: Apr 2008
Posts: 2
Quote:
Originally Posted by jojomart
Mine has been hacked today, as well!
I tried the code in the above post, but no luck, darn it!
I guess I'm going to have to switch scripts too - this is sooo frustrating.
Joanne

This code will not fix a hacked site, you need to fix your site first or restore from a backup and then fix the lines of code above.
Regards,
Phil

All times are GMT -7.