Piwigo.org

Joergen · 2013-01-19 13:57:57

Hi,

since yesterday my web site is gone: http://www.fc-vhs-kaarst.de/

What would be the best way to solve the problem? How to start to fix it?

FTP acces is OK, backup from last monday available.
Error log and acces log says something happened yesterday.
But before I start to restore the backup, I like to know how to fix it.

Regards
Joergen

mistic100 · 2013-01-19 14:09:02

Hi,

which theme do you use ?

did you change it recently ? did you install a new plugin ?

flop25 · 2013-01-19 14:21:09

Indeed an extension issue. To complete what Mistic asked did you add JavaScript in a tpl file?

Joergen · 2013-01-19 14:35:10

Hi,

I think my theme is called Stripped (dark and black Background with orange Fonts)
I have made No changes for month. No plugin installed and nothing with Java.

I think some restricted Users have only uploaded pictures, but this is also some days ago.

flop25 · 2013-01-19 14:39:15

If it's orange it's Sylvia but anyway, rename the plugin folder to disable plugins to see their influence.
If it doesn't work copy past the content of thumbnails.tpl of your theme(s)

mistic100 · 2013-01-19 17:23:50

You have been hacked

see http://jeffreysambells.com/2012/12/12/anatomy-of-a-hack

I suggest you restore all Piwigo files from the archive and change all your password (cPanel, Ftp, MySQL, Piwigo)

Joergen · 2013-01-19 19:24:09

Hi,

thanks for the bad news. ;-)

How did you find out? Just by the error message coming on the web-site.

One additional question, do I need to ask all users of this site to change their password also?

Thanks for helping.

Joergen

flop25 · 2013-01-19 19:31:31

I also first thought of an hacking because unknown JavaScript in a front end file... Mistic greatly found the exact script
Yes you should inform your user. Because even if the password is different, the database password is written in a Piwigo file

mistic100 · 2013-01-19 20:03:41

I search "document.body++" on google, which returns many sites blocked (also hacked) and the above website

Joergen · 2013-01-21 15:21:51

So Provider has confirmed that script kids has contaminated the web site.
I need to restore the backup (fortunately I have one).

How can I make the site more safely and prevent attacks?

flop25 · 2013-01-21 15:31:01

What was the scripts you had in your website: Piwigo and plugins ? Other PHP files and Cms? But honestly the problem is usually a pebkac one, or you have a malware on one of the computer you used. Unfortunately the password are usually not so secured by FTP software

Piwigo.org

Announcement

#1 2013-01-19 13:57:57

Web Site gone :-(

#2 2013-01-19 14:09:02

Re: Web Site gone :-(

#3 2013-01-19 14:21:09

Re: Web Site gone :-(

#4 2013-01-19 14:35:10

Re: Web Site gone :-(

#5 2013-01-19 14:39:15

Re: Web Site gone :-(

#6 2013-01-19 17:23:50

Re: Web Site gone :-(

#7 2013-01-19 19:24:09

Re: Web Site gone :-(

#8 2013-01-19 19:31:31

Re: Web Site gone :-(

#9 2013-01-19 20:03:41

Re: Web Site gone :-(

#10 2013-01-21 15:21:51

Re: Web Site gone :-(

#11 2013-01-21 15:31:01

Re: Web Site gone :-(

Board footer