Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.

All times are UTC + 1 hour [ DST ]




PostPosted: 2. Oct 2009, 19:44 

Joined: 3. Jun 2009, 05:15
Posts: 19
HELP!!! Our site was hacked by Hacked By CWCihaN Powered By CyberShell =)

They uploaded files to the Joomla Uploader and hacked the whole site!! What do I do?????


PostPosted: 2. Oct 2009, 20:34 
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 10571
What file extensions do you allow to upload?
And how do you know that the attack was done this way?

- Michael


PostPosted: 2. Oct 2009, 20:55 
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 10571
And what do you mean by "they uploaded files to"?

Did they upload a file to the JFU directory itself and execute something there? So did they only try to hide their file in the JFU folder?

Do you have any more details?

- Michael


PostPosted: 2. Oct 2009, 21:19 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10571
Or have you made a copy of the administrator profile and made it available in the frontend? Because this gives full access to everyone.

- Michael


 Post subject: Hacked
PostPosted: 3. Oct 2009, 01:15 

Joined: 3. Jun 2009, 05:15
Posts: 19
I set it up so that .jpg, .jpeg, .gif and .png files can be uploaded.

No, everyone cannot get into administration. I set up two uploads, one for the owner of the site and one for their clients.

When they uploaded, it went to my upload file in media files.

The site went down before I could get the file name. But it was similar to this:

something.php.jpg

They uploaded seven files to the area where customer files go.

It took the whole site down. What do I do? If I go to the FTP of my server and erase everything and then upload and reload Joomla and your program?


PostPosted: 3. Oct 2009, 01:34 
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 10571
Have you allowed them to rename files? Because a .jpg file cannot be executed!

And if then, you have to check your server - this should not be possible! You first have to make sure that this is possible.

After that you can reload joomla and JFU.

If you don't know the settings anymore they should still be in the database.

- Michael


 Post subject: Hacked
PostPosted: 3. Oct 2009, 03:35 

Joined: 3. Jun 2009, 05:15
Posts: 19
Here is the website where this happened. http://www.villagelandscapear.com
Yes, there is a place where they rename the files. Come to think of it, after some of the files were uploaded and I received other .jpg files, when I went back to look at the files again almost all the files were gone. So they must have renamed them and done something with them. I am going to clean out my whole site. Then I am going to reupload everything again. Will get back with you.
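
The pattern reported in this thread (a name like something.php.jpg passing an image-extension filter, combined with a rename feature) can be caught by checking every extension in a name, both at upload and at rename time. The following PHP function is an added example, not part of the thread and not JFUploader's code; the function name and the blocked-extension list are assumptions.

```php
<?php
// Added example (not JFUploader code): name policy for an upload or rename target.
// The allowed list follows the thread; the blocked list is an assumption.
const ALLOWED_FINAL_EXT = ['jpg', 'jpeg', 'gif', 'png'];
const BLOCKED_ANY_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                         'pl', 'py', 'cgi', 'asp', 'aspx', 'jsp', 'sh'];

// Returns null when the name is acceptable, otherwise the reason for rejecting it.
function check_upload_name(string $name): ?string
{
    if ($name === '' || $name[0] === '.') {
        return 'empty or hidden file name';
    }
    // Control characters and path separators never belong in a stored name.
    if (preg_match('/[\x00-\x1f\x7f\/\\\\]/', $name)) {
        return 'control character or path separator';
    }
    // Some file systems silently strip these, changing the effective extension.
    if ($name !== rtrim($name, '. ')) {
        return 'trailing dot or space';
    }
    $parts = explode('.', strtolower($name));
    array_shift($parts); // drop the stem, keep every extension
    if ($parts === []) {
        return 'no extension';
    }
    // Check every extension, not only the last: "x.php.jpg" fails here.
    foreach ($parts as $ext) {
        if (in_array($ext, BLOCKED_ANY_EXT, true)) {
            return "script extension '.$ext' inside the name";
        }
    }
    if (!in_array(end($parts), ALLOWED_FINAL_EXT, true)) {
        return 'final extension not in the allowed list';
    }
    return null;
}

// Constructed sample names, including the pattern reported in the thread.
$samples = ['holiday.jpg', 'something.php.jpg', 'logo.PNG', 'shell.php',
            'photo.jpg.', '../x.gif', 'notes.txt'];
foreach ($samples as $s) {
    $why = check_upload_name($s);
    printf("%-20s %s\n", $s, $why === null ? 'accept' : "reject: $why");
}
```

Apply the same check to the target name of every rename, since a rename can turn an accepted name into one that would have been rejected at upload.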

