Help! I've been hacked!

Jon12345 · **Help! I've been hacked! -** 11-05-2007, 10:08 AM

Go to this page:

http://www.accessdatabaserepair.com/esupport/

Any suggestions on how I can find out what page they have changed? It is a php file with loads of includes etc. Not sure where to look! Or could it be a redirect or something?

Thanks,

Jon

**Jamie Edwards** · 11-05-2007, 10:14 AM

Hi Jon,

What version of eSupport were you using? It looks to me they have simply included their own index files and replaced your own, but they may have done something more than that - you will have to go through all of your files checking for changes.

supportskins · 11-05-2007, 10:21 AM

I am not aware of any security issues with Kayako. Seems like they managed to hack your server and have replaced the index.php with their own page.

**Jamie Edwards** · 11-05-2007, 10:22 AM

Hi Jon,

It appears you must be running a very outdated version of eSupport (having checked your license details). I very much suggest keeping up to date with any web-based software to counter these risks.

Jon12345 · 11:01 AM

Correct, it is an older version but I cannot afford a more up-to-date version yet.

Under my esupport folder, I have an index.php page with the following. Is it as it should be or can you see anything suspect?

<snipped>

**Jamie Edwards** · 11-05-2007, 11:06 AM

Hi Jon,

Please do not post full source codes outside of snippet postings for the purposes of discussing modifications, as it invalidates your license and is against the forum rules.

Back to your hack - there is no one except the hacker who will be able to tell you what has happened.

I suggest you delete all of your eSupport files and reupload them after downloading them from the members area. I also strongly suggest you look at upgrading so that this does not happen again.

You should also look at all of your file modification dates and times throughout your entire web hosting account and check for any other modified files or any suspect looking things.

Thanks,

Jon12345 · 11-05-2007, 11:18 AM

I had no idea I broke rules. What I find strange about it is that I have done this:

1. Downloaded the esupport folder and then searched for keywords such as hacked, albanian etc. Nothing found.

2. I have checked the file modification dates on my server. Nothing changed since last year. Very odd.

I was hacked once before and found the errant code but this is a bit more hardcore.

**Jamie Edwards** · 11-05-2007, 11:19 AM

Hi Jon,

Have you checked for a .htaccess file? These are commonly used by hackers to redirect to something else.

supportskins · 11-05-2007, 11:21 AM

Make sure you re-upload the same version Kayako files.

Racked Hosting · 11-05-2007, 10:23 PM

Well, they could have even modified the templates itself. Did you search the templates?

Brent · 12-05-2007, 05:56 AM

Just remember if you do not upgrade now the hacker will be able to just do it again after you spend lots of time trying to fix it..

Sadly someone must not like you and people tend to keep trying to be pains in the butt on and on and on...

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Jon12345 Offline New Member Posts: 23 Join Date: Aug 2004	Help! I've been hacked! - 11-05-2007, 10:08 AM Go to this page: http://www.accessdatabaserepair.com/esupport/ Any suggestions on how I can find out what page they have changed? It is a php file with loads of includes etc. Not sure where to look! Or could it be a redirect or something? Thanks, Jon

supportskins Offline Senior Member Posts: 3,670 Join Date: Aug 2006 Location: Mumbai, India	11-05-2007, 10:21 AM I am not aware of any security issues with Kayako. Seems like they managed to hack your server and have replaced the index.php with their own page. Professional and Affordable Kayako Skins - Specialists in Kayako Skinning & Customization - Professional Paid Support Our Skins and Services - http://www.supportskins.com/store/ SupportSkins.com - http://www.supportskins.com/

Jon12345 Offline New Member Posts: 23 Join Date: Aug 2004	11-05-2007, 10:56 AM Correct, it is an older version but I cannot afford a more up-to-date version yet. Under my esupport folder, I have an index.php page with the following. Is it as it should be or can you see anything suspect? <snipped> Last edited by Jamie Edwards; 11-05-2007 at 11:01 AM.

supportskins Offline Senior Member Posts: 3,670 Join Date: Aug 2006 Location: Mumbai, India	11-05-2007, 11:21 AM Make sure you re-upload the same version Kayako files. Professional and Affordable Kayako Skins - Specialists in Kayako Skinning & Customization - Professional Paid Support Our Skins and Services - http://www.supportskins.com/store/ SupportSkins.com - http://www.supportskins.com/

Racked Hosting Offline Member Posts: 346 Join Date: Mar 2006 Location: Manipal	11-05-2007, 10:23 PM Well, they could have even modified the templates itself. Did you search the templates? Swaroop Hegde Director, Racked Hosting LLC

Brent Offline Member Posts: 124 Join Date: May 2006	12-05-2007, 05:56 AM Just remember if you do not upgrade now the hacker will be able to just do it again after you spend lots of time trying to fix it.. Sadly someone must not like you and people tend to keep trying to be pains in the butt on and on and on... KillerSurf Internet Services www.killersurf.net