PDA

View Full Version : hacked version 5.1.1


Xeandrac
25th August 2010, 05:32 PM
Hi, today I got an error message:

"Fatal error: corrupted data in encoded file in..."

So I called my host, the told me the index.php was changed on 25 aug 2010 at 07:07.

Maybe there is a leak or weakpoint somewhere, maybe it's nothing.
Everything seems to be in working order, my site(s) are working normal as far as I can tell. The traffic is still counted and going out to the trades so there is no harm done.

Just figured I let you know...

Best regards,

Xeandrac

ICEFIRE
30th August 2010, 12:57 PM
If you mean the index.php in the cjadmin, that one is the same since version 5.0.1.

There are two reasons this file may have got corrupted.

1 ) A HD or system fault on the server side. It shouldn't happen, but it's still a machine and can fail.

2 ) You have a virus or something like on your machine that tries to change the files on the server side as soon as you login via ftp. Just check your computer for virus.

I think it may be a server side fault if your host machine got really busy at some point.

Xeandrac
6th September 2010, 01:41 PM
Since I did not log in through ftp on the 25 aug 2010 at 07:07 is has to be a glitch on the server.

Thanks for the reply :)

Xeandrac
13th September 2010, 05:32 PM
After having another incident on other files my host an I came to the conclusion that someone had to be listening in on the FTP. So to be on the safe side we decided to change all passwords including the Db passwords.

I am unable however to locate a 'change Db password' field in the network settings. Do I need to adjust the pass in the config.inc.php file?

Best regards,

Xeandrac

ICEFIRE
13th September 2010, 06:47 PM
The config file is a clean text php you can edit with any text editor. There is stored only the database user and pass, so you can put the correct values there.

Your host should have some kind of control panel that allows you to change the database password itself. CjOverkill has no option to change the database password from the admin panel nor it has such feature into the script, just as a security measure and to avoid people locking their own sites by mistake.