TOPIC: i hacked.???

hi
i installe joomla comment 3.26 and that's work very good.
but from Friday i have a problem .some one hacked me form joomla comment.and how can i know that?
because when i uninstall joomla comment from administrator(not database only file) my site backed.and before uninstalling ,when i go to joomla comment i have a error and about error .its error in my site on front pageand error on administrator when i choose manage comment is like that.
please help me

Ok, can you explain me again what happened, cause I really couldn't understand quite well. Who hacked you and why you think that he hacked you through joomlacomment?

How does you comment.class.php file looks like?

hi
i dont know who hacked me.but i know i hacked through joomla comment . because when i unistalled it (without drop the table in db) my site worked.
but when installed again i gave same problem.

I don't think you've been hacked lol, you're jumping to conclusions there I think. What you are experiencing is called a "bug". It's very common for a Joomla extension to break your entire website completely, this appears to be the case.

You're only using Joomla 1.0 or 1.5 Legacy so sadly I myself can't help too much as I only deal with Joomla 1.5, but I'll try anyway...

OK, looking at line 1232 of comment.class.php in JoComment 3.26 I see this......I have no idea what's causing your problem

The only thing I could think of is that your host is using an old version of PHP. Or, Joomla 1.0 has a bug or something. Please login to your webhost controlpanel and verify that PHP5 is in effect, you can also check Jooma admin panel > Help > System Info and check for usual things, SimpleXML Schema support; libXML v2.7.x or maybe 2.6 is good enough, and so on... it's all referenced in the Joomla installation guide.

Apart from that, Daniel you might want to check this out - apparently the use of // for commenting lines on some exotic PHP configurations can break the parsing engine.

(...)the > tag closes the php sesion despate it being commened out by //
use of /* */ to comment will solve this

no idea if that's the problem here though.

Maybe its an XML rendering engine problem. A phpinfo() dump would help.

OK reza, so JoComment did used to work once? What I can suggest is to retrace your steps and uninstall/disable everything to try and get it to work again. There is a chance that your webhost might have changed something internal on their servers, but usually they would notify via e-mail on library updates and whatnot.

hi
i installed the last version but after some day i think i hacked again
this is error on my index pageand i attached my comment.class.php
and i use joomla 1.5.9
and my php version is 5.2.9

where did you attach your comment.class.php? Idon't see it here.
Tomorrow I'm heading up for Holland. I will be able to help you first on Sunday.

hi
sorry
now attached comment-20090709.zip

Hey there! Definetely your comment.class.php file is not the same as in beta1.

you have something like this in it:
Uninstall the version you have, check that administrator/components/com_comment
and component/com_comment are deleted and install beta1.

Someone have changed the comment.class.php on your site.

reza,

Are you on a free or cheap webhost that forces ads/commercials on your website? That code looks a lot like a forced iframe for commercials.

If not, I guess you were hacked but that's a very very strange custom code for a hacker to do... not very secretive and easily detected

hi
ok i answer one to one
1-i installed 4 beta 1 some days ago.
and what happend for it?
Some one log in my ftp and change it?
if some one can log it , he can change more important thing.isn't correct?
and in the continue
i installed alpha 1 now
but there is one problem or i dont know strange thing
when i refresh some thing in firefox i see that wrote some thing on status bar
connecting to cazkafuq.cn
???

I asked if you were on a free webhost. Do you pay money for website space or not?

Some one log in my ftp and change it?

Why are you asking us we don't know... Change your password if you think someone got in

hi
i installed alpha 1 now
but there is one problem or i dont know strange thing
when i refresh some thing in firefox i see that wrote some thing on status bar
connecting to cazkafuq.cn
???
i paid for host

www.siteadvisor.com/sites/cazkafuq.cn/postid?p=1854182

Your site security has definately been breached, that's a malicious site.

Sorry, but this is outside the scope of what we can help you with. JoomlaComment has no vulnerabilities that we know of, chances are they either stole your passwords via keyloggers or ARP poisoning on your host machine, or you havn't kept your site secure enough.

Or maybe you did something really bad to tick-off some smart Chinese hackers somehow

This is something you will have to get support with elsewhere - JoomlaComment is licenced under the GNU which comes with absolutely zero warranty. Bad luck friend

All i can suggest is to change every single one of your passwords and keep a quality anti-virus and firewall on your computer up-to-date and active, and keep your Windows XP or Vista machine updated with Windows Update. Apart from that, you will have to contact support with your webhost or seek professional security advice to clean your site (or just wipe it completely). Your webhost provider can give you more resources and guidelines on how to proceed, with such things as checking access logs and other security checks for your website.

Good luck

look,you answer very hopelessly
i prefer daniel will come and answer to me
any way
i open my index.php from my template and i see a strange lin
lookwhat is it?

It's a frame inset to another site. It's not part of JoomlaComment, someone else added it.

Daniel is away for the next 24-48 hours, but he will definately reply when he gets back. He probably will be more helpful, even though this is not a JoomlaComment problem

Hey Reza,
sorry for the delay! As jonusC already said, you've been hacked! And that is not something that is related to joomlacomment - as you see your template file has also some strange iframe things in it. There can be a lot of things that are the reason for this - bad hosting(old OS version, php), old joomla version, stoled ftp password.
I think that the best thing to do right now is read this book:
www.packtpub.com/joomla-web-security-guide/book
Then you will be a professional in things security and will be able to determine where the problem comes from.

I'm sorry, but that is all I can tell you right now.