Been hacked, need help!

v12kid · 10-26-2006, 07:37 PM

Is anyone good with GSS? My arcade was hacked and is redirecting to another arcade, this is very ****ty and I cant seem to figure out where the code is to redirect?

AIM me at v12kid asap if you can

thanks

admin · 10-26-2006, 10:40 PM

I just saw your message and went to your site but it seems to be fixed now.

ANy idea how the hacker got in and what got changed? This info might be useful for people who have GSS.

Entertainment-CMS.com · 10-27-2006, 07:18 AM

TheBossIsAway looks fine to me.

Hans · 10-27-2006, 09:58 AM

It looks also fine to me, but if you are still hacked then you should check support forums of that script, I am sure you'll find help from there.

bigarte · 10-27-2006, 06:16 PM

This is taken directly from the Author's site:-

Quote:

Various Security Problems Updated: 04-18-2006

Dear GameSiteScript Clients,

It has recently been brought to my attention that there is a hacker exploiting both "user stupidity" security issues and issues with certain servers that enable anyone to browse and view files on the server. GameSiteScript has helped this exploit along by allowing the uploading of files via the game submission feature.

You should read this whole e-mail. The issues may apply to you.

If you accept game submissions on your site via the "Submit" feature of GSS, and you have no .htaccess "deny from all" file in /uploadfiles/, and you have directory indexes enabled, you may be vulnerable. Don't find out the hard way.

I've listed things you can do to make sure you're secure. Any of the following will solve the problem. You don't need to take all the steps listed, just one.

1. Put a .htaccess file containing the code "deny from all" in your /uploadfiles/ folder.
2. Disable "directory indexes." This can be accomplished with a .htaccess file containing "Options -Indexes" placed.
3. Disable PHP and scripts in the /uploadfiles/ folder. Contact your host asking how to do this.
4. Install security software on your server (you must be the server owner) that stops "shell" style PHP scripts from running. If you don't know what I'm talking about, ask your server management company.

Additionally, I have had a report of a site being redirected to another site. How did the hacker achieve this? He modified the index.php file of the site! Whatever you do, DO NOT ALLOW PHP TO WRITE YOUR FILES. DO NOT CHMOD THEM TO 0777!

Don't let your GameSiteScript sites be hacked!

Also, another message for those of you that haven't changed the default admin username/password:

Do not leave your default username and password as admin/admin. Anyone can login to your admin area and modify your site. This is a huge issue with users that somehow think people on the Internet are nice and friendly and won't hack your site if they see an opportunity.

If you're not sure if you're secure or not, feel free to e-mail me your site details and I'll look into it for you.

Best Regards,
Louis Reingold

Hope it helps.

Entertainment-CMS.com · 10-27-2006, 09:14 PM

In other words, you can upload php scripts, then use them on the server.

bigarte · 10-27-2006, 09:18 PM

That's correct. It was a big problem back when this alert was issued. Haven't heard much about it since then (except for any peeps. using the nulled versions).

PS: I'm not suggesting that V12kid is using anything other than a fully licensed version BTW.

10-26-2006, 07:37 PM	#1 (permalink)
v12kid Preferred Member Join Date: Jun 2006 Posts: 178	Been hacked, need help! Is anyone good with GSS? My arcade was hacked and is redirecting to another arcade, this is very ****ty and I cant seem to figure out where the code is to redirect? AIM me at v12kid asap if you can thanks __________________ The Boss Is Away!

10-26-2006, 10:40 PM	#2 (permalink)
admin Preferred Member Join Date: May 2006 Location: Planet Earth Posts: 190	I just saw your message and went to your site but it seems to be fixed now. ANy idea how the hacker got in and what got changed? This info might be useful for people who have GSS. __________________ Red Line Services Web Hosting Time 2 Play Online Arcade

10-27-2006, 07:18 AM	#3 (permalink)
Entertainment-CMS.com ECMS Staff Full Member Join Date: Jul 2006 Location: England Posts: 70	TheBossIsAway looks fine to me. __________________ Entertainment-CMS.com Out Soon View Status --> Entertainment-CMS DEVELOPMENT BLOG <-- View Status

10-27-2006, 09:14 PM	#6 (permalink)
Entertainment-CMS.com ECMS Staff Full Member Join Date: Jul 2006 Location: England Posts: 70	In other words, you can upload php scripts, then use them on the server. __________________ Entertainment-CMS.com Out Soon View Status --> Entertainment-CMS DEVELOPMENT BLOG <-- View Status

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

10-27-2006, 09:58 AM	#4 (permalink)
Hans onArcade Staff Full Member Join Date: Jun 2006 Posts: 50	It looks also fine to me, but if you are still hacked then you should check support forums of that script, I am sure you'll find help from there.

10-27-2006, 09:18 PM	#7 (permalink)
bigarte Contributing Member Join Date: Jun 2006 Location: Australia Posts: 33	That's correct. It was a big problem back when this alert was issued. Haven't heard much about it since then (except for any peeps. using the nulled versions). PS: I'm not suggesting that V12kid is using anything other than a fully licensed version BTW.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Sites been hacked	SpankyBear	Webmastering	12	07-09-2007 01:47 PM
Easily Hacked	Duality	GameScript	5	07-20-2006 12:24 PM