  #1 (permalink)  
Old 07-26-2007, 07:19 PM
gkd_uk's Avatar
Super Moderator
1904 posts this year. Platinum VIP!
Trusted Member - This user is a Master!
Last months UKWW Tokens: 73
 
Join Date: Mar 2007
Location: zeshaan.info
Posts: 3,713
Thanks: 1
Thanked 10 Times in 8 Posts
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0
IndexScript sites - apply hack fix

Hi

If you are using the IndexScript software for your directory, there is an SQL injection hole in the script which is allowing hackers to hack the database and then the site.

A fix is available which can be found at indexscript sql injection hole fix - IndexScript Forum

Any directory script can be attacked this way so I think you should all check and confirm with the script developer.

Also make a backup of your site and your SQL databases, as the hackers are checking for vulnerable sites which can be hacked via SQL injections.

Thanks
  #2 (permalink)  
Old 07-26-2007, 07:39 PM
temi's Avatar
Facilitator
5166 posts this year. Platinum VIP!
Trusted Member - This user is a Master!
Last months UKWW Tokens: 283
 
Join Date: Jun 2003
Location: London, England.
Posts: 11,929
Thanks: 3
Thanked 29 Times in 20 Posts
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0
Send a message via ICQ to temi

Thanks for this info. I know Bagi uses that script as well, I hope he is aware. I will PM this URL to him.
__________________

* Build a shopping cart for your business with eCommerce software UK
* BossCart.com can build you a
Bespoke shopping cart
::
Add Eco sites to The Green Directory free of charge.
Use LBS Free PHP Directory Script for your next Directory Project
  #3 (permalink)  
Old 07-26-2007, 07:47 PM
gkd_uk's Avatar

I have already sent him a PM and he has replied.
  #4 (permalink)  
Old 07-26-2007, 07:52 PM
Bagi Zoltán's Avatar
Boss Cart consultant
1115 posts this year. Platinum VIP!
Trusted Member - This user is a Master!
Last months UKWW Tokens: 8
 
Join Date: Feb 2007
Location: Veszprém, Hungary
Posts: 1,600
Thanks: 4
Thanked 50 Times in 13 Posts
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0

Unfortunately my site was also hacked yesterday night at 10pm. I was very lucky and could repair the site without any db backup; login was a little interesting since the nice guy changed my password. Otherwise my site was hacked again in the morning. They replaced the description meta tag with a meta-refresh.

I have just changed the code pointed out by GKD, thank you again.
__________________
Time may come when you will need a shopping cart
digitális mérleg keresőoptimalizálás
  #5 (permalink)  
Old 07-26-2007, 07:59 PM
gkd_uk's Avatar

No problem Bagi

I visited the directory forum earlier and found the info. The developer has tested it and said all seems fine.

I guess I was too late. If I had known earlier, I would have sent you the fix before your site got hacked
  #6 (permalink)  
Old 07-26-2007, 07:59 PM
temi's Avatar

Sorry to hear about this... good luck guys.
  #7 (permalink)  
Old 07-26-2007, 08:01 PM
gkd_uk's Avatar

Thanks Temi

Hopefully the fix has resolved this problem. I guess I would have been next to be hacked if I had not found the fix but these hackers always find another way
  #8 (permalink)  
Old 07-26-2007, 08:13 PM
gkd_uk's Avatar

Some details on the hack can be found below. I guess this is the way they are hacking

IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability
  #9 (permalink)  
Old 07-27-2007, 04:45 AM
Bagi Zoltán's Avatar

I've just checked my hittail log and it seems that many new nice guys arrive at my site with the "This site is powered by indexscript" referral keyphrase. When my site was attacked I immediately removed this line from the template. ARRRRGGHHHHH!!!
  #10 (permalink)  
Old 07-27-2007, 05:30 AM
temi's Avatar

So "This site is powered by indexscript" is what they have been using to find index script powered sites
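
Added example (not part of the thread, and not IndexScript or forum code): a log-triage sketch covering the two signals the posts above mention, requests to show_cat.php whose cat_id is not a plain integer, and visitors arriving from a search for the "powered by indexscript" footer text. The Apache combined log format, the assumption that legitimate cat_id values are decimal integers, and every sample line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in Apache combined log format (not taken from the thread).
SAMPLE_LOG = '''\
203.0.113.5 - - [26/Jul/2007:22:01:10 +0100] "GET /show_cat.php?cat_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Jul/2007:22:03:44 +0100] "GET /show_cat.php?cat_id=12%27 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Jul/2007:04:40:02 +0100] "GET / HTTP/1.1" 200 9001 "http://search.example/?q=%22This+site+is+powered+by+indexscript%22" "Mozilla/5.0"
198.51.100.8 - - [27/Jul/2007:04:41:15 +0100] "GET /show_cat.php?cat_id=7 HTTP/1.1" 200 4800 "http://search.example/?q=green+directory" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
FOOTPRINT = "powered by indexscript"  # footer text named in the thread


def triage(log_text):
    """Return (ip, timestamp, reason, detail) tuples for log lines worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined-format; skip rather than guess
        url = urlsplit(m["target"])
        if url.path.endswith("/show_cat.php"):
            params = parse_qs(url.query, keep_blank_values=True)
            for value in params.get("cat_id", []):
                # Assumption: a legitimate category id is a plain decimal integer.
                if not re.fullmatch(r"[0-9]+", value):
                    findings.append((m["ip"], m["ts"], "non-numeric cat_id", value))
        referer = unquote_plus(m["referer"])
        if FOOTPRINT in referer.lower():
            findings.append((m["ip"], m["ts"], "footprint search referrer", referer))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A non-numeric cat_id hit dated before the fix was applied is a reason to review the database and admin credentials; the referrer hit only shows how a visitor found the site.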