I've been hacked please help

[Bennyh789]

Hi all,

Im in desperate need for your help

My website was hacked and whenever I type in my web address It automatically goes to;

http://k-k-k.com/

Please note I am NOT racist in anyway I just need your help

How would I get my game back to normal?

Thanks

Ben

[DreamCoder]

Contact ur providers tell them the issue?

[chicka]

Go through your users table somewhere around the time this has been happening. Probably an sql injection redirecting users to an other site.. Happened to me once :( Learned security since and so far so good

[Neon]

It could be a million different things. One quick way is to download your raw access logs and begin looking. If you don't know what your looking for, then send em to me and I'll take a look.

Or your FTP pass could of been jacked from the millions of viruses programmed to do just that. Then some malicious files were uploaded.

1) Change your passwords.

2) Check the "last modified" date on all your files on your server

3) Download and view the FTP & Access logs

Depending if we find the cause, your scripts may need securing.

[Bennyh789]

I've found the user that Done the SQL injection but surely deleting him wont solve the problem

[Bennyh789]

If I upload all of the files again before they were hacked will that solve the proble

?

[Neon]

Re-uploading the files will not a help an SQL injection at all. Someone exploited one of your queries because you did not properly cleanse a variable. Never trust the user input. You must strip tags, replace entities and add slashes. If you get me those access logs, I'll find where he "performed" this SQL attack and tell you what you need to patch or secure more.

[extra]

Odd, I went to danny's site a week ago too and one of his links went to that website.

[H4x0r666]

someone changed some settings or just an file you used.. to this;

<meta http-equiv="refresh" content="0;URL=http://k-k-k.com/">

if you use this code somewhere in your source.. when you visit that page where the script is used.. you will immediatly be sended to the url is used..

if i was you , i would use a back up of your website and replace the infected files..

and if you cant.. then download your source and use an search program to find these keys/codes

then you will solve it :D so good luck

Edited October 3, 2011 by H4x0r666

[Bennyh789]

FIXED IT

Thanks for your help guys

Ben

Edited October 3, 2011 by Bennyh789
fixed

[Lithium]

raw logs show nothing, and sorry to say but that is your own fault! Those issues are being discussed for a few years, and a few ways to fix them are widely spread around here.p

You need help? Sure, someone might give you some help, but you need to open your wallet if you don't know how to do it.

And an advice... There are only a couple of people around here who might do the trick effectively.

[Neon]

Those can't be the true access logs. They were just from October 3rd, and most were the cron jobs running. The only non cron-job was a login.php hit. So, not much help. Unless your security on the login.php page is poor.

However, seems you got it. Hope it doesn't happen again.

Best of luck.

[lucky3809]

need better security, also don't make your files rewritable by your users change the permissions. That is how your game got hacked by someone your files are not secured enough.

[lucky3809]

New day and age the internet has became a source for everything. Doesn't take a rocket scientist to know how hacking is done. I have also fixed someones game before that had the same thing happen to them. Which was a permission fix, and a few security fixes.