help
 

some douche bag keeps hacking into my site, http://www.teamwf.com and keeps changing the front page to some fucking gay islam arab shit saying your government is wrong in iraq and blah blah blah. all he is doing is changing the index file and he deleted my original one, and i dont have a backup. im trying to get one from surreal-media (its a template from their site). is there anything anyone recommends on how i can stop this fucker from constantly changing the home page?

Sorry can't help, but wtf kinda moron does that, that really isn't even an insult. oOo:

how about the F.B.I.

[quote="Sgt>Stackem":7e598]how about the F.B.I.[/quote:7e598]
I agree, hacking = illegal. Tell the feds and watch him spend 5 years of his pathetic life behind a steel door.

yeah im about to go check out the logs and see if i can pull anything up from that

Black Hatters who deface sites for the hell of it deserve to get arrested.

cuss:

How exactley is he h4xing you?

i dont know, im guessing through ftp or something. all he keeps doing is changing the index.php to some stupid shit. if he does it again, ill post and you guys can see.

try changing your ftp password first.

next, chmod your index.php file to: 755

HAHHA ALLAH ACKBAR JIHAD ROOLS SUPREME

Redirects to allah.cc or something like that?

He does it all through PHP, not FTP.

What this hacker does is so easy for him.

FBI can't do anything if he is foreign though? oOo:

what exacty is 755? i can only do it through internet explorers ftp thing, i cant use cuteftp cuz for some reason it always crashes when i go to chmod on a file/folder

http://www.perlservices.net/en/faq/cute_ftp.shtml#SIX biggrin:

[quote="Jin-Roh":c79ff]What this hacker does is so easy for him.

FBI can't do anything if he is foreign though? oOo:[/quote:c79ff]
they can to an extent. This hacker is attacking an american based serve. Its basically the same thing as defacing a us embassy. You can still get arrested and charged under US laws for it.

If you use IE, I think you can chmod with a right click > properties. Not 100% sure though.

Anyway, 755 = wrx-rx-rx

Owner: write - read - execute
Group: read - execute
everyone: read - execute

Also, I just looked over your site. If thats phpnuke or something similar, make sure its patched. herr strik0r is probably right that its a php injection trick, since you're running a php-based CMS.

no it isnt php nuke, it is a template from http://www.surreal-media.com. they make their own templates and you buy them. they give you a control panel as well, they are really good.

is it possible to ban a certain IP from accessing FTP?

Also, anyone know why my .htaccess file doesn't show up in the folder i put it in for ftp?

I found the perp...and I'm sorry, but it's ur so-called buddy Crockonater annoy:... [img]http://www.teamwf.com/img/crock.jpg[/img]

[quote="Eight Ace":d7bb0]I found the perp...and I'm sorry, but it's ur so-called buddy Crockonater annoy:... [img]http://www.teamwf.com/img/crock.jpg[/img][/quote:d7bb0]

lolol. hes the leader of the team. i met him in person, hes hella cool

.htaccess files are hidden by default in Unix systems. If you uploaded it successfully, it will be there. what are you trying to do with .htaccess?

also, what php functionality does the template give you? Even though it isn't phpnuke, its still probably php-injection h4x. search the index.php file for any of these:

[code:e1e9c]<? ?>[/code:e1e9c]

post whats between them, unless its a huge script.

fucking hackers annoy:

The hackers realize the war was wrong at least.

wow, you suck

im using the htaccess to ban an IP i found suspicious in the logs. here is the script:

[code:1b411]

php
$mysql_table = "cp_news";
require_once ("required.inc.php");
getHeader();
if (!$_REQUEST[s]) {
$s = 0;
$result = MYSQL_QUERY("SELECT * FROM $mysql_table ORDER BY topic_id DESC LIMIT $max_news") or die (mysql_error());
} else {
$s = $_REQUEST['s'];
$result = MYSQL_QUERY("SELECT * FROM $mysql_table ORDER BY topic_id DESC LIMIT $max_news, $s") or die (mysql_error());
}
$count = MYSQL_QUERY("SELECT * FROM $mysql_table") or die (mysql_error());
$rows = mysql_num_rows($count);
if ($rows == "0") {
echo "
<h2> no news! </h2>


There are no news items </p>

";
} else {
while ($mysql=mysql_fetch_array($result)) {
echo "<h2><span>" . $mysql[topic_date] . "</span>" . checkContent($mysql[news_topic]) . "</h2>


Posted By: <span>" . checkContent($mysql[news_author]) . "</span>



" . checkContent($mysql[news_message]) . "
</p>
";
}
}
echo "<center>";

if ($s != "0") {
$p = $s - $max_news;
echo "
Back " . $max_news . " | ";
}
echo "Home";
if ($s+$max_news < $rows) {
$n = $s + $max_news;
echo " | Next " . $max_news . "";
}
echo "</center>";
getFooter();

[/code:1b411]

gtfo of my thread

wow pretty cool shit right there

i luv himmlar

beer:

you don't know luv. hake:

[quote="Jin-Roh":2fea0]you don't know luv. hake:[/quote:2fea0]

I can tell you love isn't what you promised me you'd give me if I went with you into your motel room.

cry:

http://www.teamwf.com is that a CS clan?

I think im the only person in the world to have never played CS

its for cs: source

Well, there are connection strings for a mysql db there, so you can't really get around using php, unless you want to re-write it in asp or something. Can you find out from your host what version of php is running and also what version of mysql?

If Jesus played video games, he'd play CS:S. (And he'd use a deagle.)

[quote="Mr.Buttocks":be47f]
If Jesus played video games, he'd play CS:S. (And he'd use a deagle.)[/quote:be47f]and a tactical shield

Not to sure what version of PHP it is, but I am MySQL is 4.1.13a. If I find what version of PHP it is, ill letcha know.