Geeklog Forums

It seems that our website has been hacked and now I can't log in as the administrator. The hacker apparently deleted users 2-5 (all the users that had admin rights). How do I fix this (if possible)? http://www.bayareahokies.com thanks!

Here is a story that explains how to create a new root user (aka Admin).

I would be interested to hear if you can confirm that your site has been hacked and how (if possible), since this would be the first case of a Geeklog site being hacked that I'm aware of ...

bye, Dirk

If you look at his front page, it looks hacked. He's running version 1.3.6. I think this illustrates the danger of not keeping up with releases. No site is too small for these annoying script kiddies. They may have exploited something you already fixed. Well, hopefully.

I would be interested in seeing the logs .... sometimes these kiddies leave tracks that can be followed. They are not nearly as careful as the pros.

I'm not sure how I got hacked, but someone suggested that it was due to a security flaw in Gallery 1.3.2.

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0

I can post my log if you're interested in seeing what happened. I've looked at the database and it seems that the hacker deleted a lot of my user accounts.

Thanks for the help! I don't mind a humourous hack, but this S$*T is just annoying.

Jameson

I think you either should post them or just send them to Dirk so he can review them and see what happened. Someone should try to figure out what this person did to break in. My bad. I didn't even check to see if you were running other scripts. It easily could be the Gallery or another script. These kiddies are so annoying. I feel for you because they leave a big mess which adds extra work none of us needs.

Here's the hacker's site and a screenshot of the damage he did.

http://www.hot.ee/nhx/defaces/bayareahokies.com/deface.gif

Looking at this guys web page, it appears that a couple more Geeklog sites were hacked too. Perhaps the webmasters of these sites might have additional information as to how this happened.

http://www.upwithdown.com | deface screenshot
http://www.mnjim.com (no longer using GL) | deface screenshot

The two you pointed out and the original poster are all running Gallery. It would be nice if someone would verify which script caused the break-in. If Geeklog's integration of Gallery contains an older version, I think the download needs to be pulled or updated so new people don't unsuspectingly install a well-published security hole

I hope you took the time to report them to the FBI and send a copy of your logs. By their own admission, they've been hacking up other sites since the end of last month. I reported them this afternoon, and seriously you ought to do the same since you have additional evidence they may be able to use. I don't know if they will consider this worth their time but if people do not complain they won't move at all.