quote:It redirects to a new port (19638) and ends up here:
Originally posted by Dagonee:
Can you see where dprhensim19.doteasy.com resolves? (How do you do that?) My host is doteasy, and this address is definitely my server.
code:~/Desktop% telnet princeclan.org 80
Trying 64.151.204.52...
Connected to princeclan.org.
Escape character is '^]'.
GET /
<html>
<head>
<META NAME="Title" CONTENT="ENO7 (TURKISH HACKER)">
<META NAME="Subject" CONTENT="HACKED BY ENO7 (TURKISH)">
<META NAME="Description" CONTENT="eno7 was here, HACKED BY TURKISH HACKER ENO7">
<META NAME="Distribution" CONTENT="Global">
<META NAME="Robots" CONTENT="All">
<meta http-equiv="Content-Language"
content="tr">
<meta name="GENERATOR"
content="Microsoft FrontPage 5.0">
<meta name="ProgId"
content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1254">
<title>ENO7 (TURKISH HACKER) "AYYILDIZ TIM DELTA SALDIRI TIMI"</title>
</head>
. . .
quote:
The hack is a basic "SQL injection" hack, which is why you cannot find any instance of that HTML code in your files on the site. The HTML is located in your database and generated when the headers (or wherever the code was injected) are called by the site files.
To fix this, you need to get into your website control panel. Hopefully, you have access to your database to be able to edit tables. Depending on the type of control panel you have for it, you can perform a search for a string of that code (just a snippet should do). Or, if you had the foresight to back things up, you can restore from a backup. Once that is fixed, you should be able to get to your page in a reasonable condition.
If you need more help there, e-mail me and I'll do what I can to help. I can also help you harden your site against such things in the future, which would include adding a bit of extra code in the files but would mostly involve changing file and folder permissions to a slightly-different-than-instructed-but-totally-functional configuration that is the cause of many holes like this. In fact, most files for content management systems like mambo have to do with the "xmlrpc.inc" file or the folder that holds it (often called "includes").
I've recently dealt with this stuff and with forum software, so if you need assistance I will do what I can.