Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2010-04-01 18:40:57

sekhu
Member
Registered: 2005-05-12
Posts: 428
Website

My sites got hacked by a turkish hacker group

I wasn’t using the latest revision of tXp so I guess it’s down to me, I can’t rem what version I was using, but I’m not sure what to do now. One of the reasons for not updating was because I assumed that the plugins I used would be broken if I upgraded. After several years of use without such a problem they have both been hacked now.

I wasn’t sure where to post this, so if it’s in the wrong part of the forum, I apologise.

I’ve contacted my host, and asked that they restore my site from a previous version, I Will then update the sites with the latest txp, plugin compatible or not. I used my sites as a form of mental health therapy, so it’s kinda got me depressed.

Hope someone can guide me to fixing this.

thanks

EDIT: I have checked the updates folder in my txt pattern folder, and it says update to 4.0.3 I assume this is the version I have at the moment? Or is that something else?

Last edited by sekhu (2010-04-01 18:54:05)

Offline

#2 2010-04-01 19:03:11

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: My sites got hacked by a turkish hacker group

sekhu wrote:

Hope someone can guide me to fixing this.

What makes you sure that it was TXP that was hacked? They could have just hacked hosts server, or some other software running on the same server or it could be just dictionary attack.

  • Change all passwords and make sure that everything is hard to crack (db, roots, shell, ftp etc).
  • Always update if security update is released. If you don’t, well…
  • Even plugins needs to be updated and even plugins can open security issues. It’s good practice to validate the code before using.
  • Make sure that software running on the server is updated too and permissons are correct.

Last real TXP security fix was released couple years ago (4.0.6 2008). No issues have found since then.

Last edited by Gocom (2010-04-01 19:06:29)

Offline

#3 2010-04-01 19:42:24

sekhu
Member
Registered: 2005-05-12
Posts: 428
Website

Re: My sites got hacked by a turkish hacker group

I’m just guessing that txp got hacked, I am not certain if it was the cause. I say this because I haven’t updated my txp in quite some time. Although my root webpage also got hacked (they replaced the index.php with their own index.php). I will do the things you suggest, thoguh they didn’t delete any of my files. I don’t know why a pro-islam hacker woudl hack my humble site, as it’s not like it gets popular or anything, i use it for therapy!

thanks

Offline

#4 2010-04-02 02:54:51

joebaich
Member
From: DC Metro Area and elsewhere
Registered: 2006-09-24
Posts: 507
Website

Re: My sites got hacked by a turkish hacker group

sekhu wrote:

I don’t know why a pro-islam hacker woudl hack my humble site

No point in being depressed, it wasn’t a personal attack on you and had nothing to do with the content of your site. He/she hacked your site because they could, that’s the totality of it. The vulnerabilities of TXP 4.0.6 and earlier are now well documented and in the public domain, but as Gocom said, there may well have been other avenues of access for them.

Good luck with re-establishing your site. If _to_4.0.3.php is the most’senior’ of the files in the update folder, then your version would have been 4.0.3. There are fixes for most plug-ins that stopped working with version 4.0.6 and I’m sure forum folks would be happy to assist if you had difficulty finding some of them.

Offline

#5 2010-04-02 06:10:15

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: My sites got hacked by a turkish hacker group

4.0.3 is known to have had security deficits. See the accumulated change log for details.

Offline

#6 2010-04-02 07:05:01

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: My sites got hacked by a turkish hacker group

Hi sekhu

can you access the admin end of your site?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#7 2010-04-02 09:26:52

sekhu
Member
Registered: 2005-05-12
Posts: 428
Website

Re: My sites got hacked by a turkish hacker group

thanks for the info guys.

Fortunately my host has a back up of my sites and is happy to restore it. I did ask whether there was any logs or clues as to how the sites were hacked. They said they didn’t have any logs to offer any information in that regard.

@Colak – can you explain what you mean by admin end of my site? If you mean in txp, then no it’s been hacked that whatever page i visit, including the admin end of the site then it’s just the same hacker webpage.

It doesn’t look like they’ve deleted the majority (or any) of the files, I’m just assuming this as I don’t know where to check one way or the other.

They’ve replaced or redirected to their own index.php page. For example of what they’ve done you can click on “website” beneath my username here.

thanks for the help so far

Offline

#8 2010-04-02 09:43:19

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: My sites got hacked by a turkish hacker group

Steps to take:

Change all passwords, including those of your ftp and db.

Hope that your host brings your back on line soon.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB