Buy Now
Sign in

chronoforms hacked ???

dannyd , November 20 2007, 03:23
D
dannyd 37
November 20 2007, 03:23 #3832
I spoke with my host and they said that in the /administrator/components/com_chronocontact/excel_writer/OLE.php is used for spamming ?? they said its somehow linked with some christian spam. Is this true ?

What does this file do ?
D
dannyd 37
November 20 2007, 03:25 #3834
what permissions should the contents of the administrator/components/com_chronocontact be set at in order to work ?

sorry it was excelwriter for my other post
GreyHead 64
November 20 2007, 04:58 #3840
Hi dannyd,

Seems pretty unlikely to me. I had a quick Google around and didn't find anything that suggested a problem. Did your host quote anything firm to you, or just rumour?

The file is part of the PEAR package for dealing with file wrappers like Excel info here.

Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
D
dannyd 37
November 20 2007, 05:14 #3846
Can I change the permissions on these files to 644 or something that would keep hackers from using them or associated files ?

They said they would usually shut down a site that wasnt secure and they said that the OLE file and associated files was the cause for hackers using to spam out emails.
admin 27
November 20 2007, 05:51 #3851
Hi Dan,

Which chronoforms version do you have ? V2.3.6 comes with a security fix regarding the excel writer files, please delete the whole excelwriter directory at your server and all files included then download chronoforms v2.3.6 and upload the one in there, if you can overwrite the files : admin.chronocontact.html.php and admin.chronocontact.php, other 2 files start with toolbar then you will have a CSV file export option too!

Please let me know how this will go!

Cheers

Max
Max
If your main question got answered then please mark the answer using the button!
Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
D
dannyd 37
November 20 2007, 06:05 #3857
Can you send me the new version with how to upgrade. The site is live i dont want to disrupt the site. Is it a simple overwrite ?
admin 27
November 20 2007, 06:18 #3861
Hi Dan,

This is very simple, download V2.3.6 from the downloads area, extract it, get the excelwriter folder, now go to your joomla site root and then to administrator/components/com_chronocontact/

then upload the new excelwriter folder, this will overwrite the old one and thats all

other files I talk about are at the same package and the same path!, in case any problems happened it will be in the admin area and your site visitors won't even feel it and we have the time to fix quick!

Cheers

Max
Max
If your main question got answered then please mark the answer using the button!
Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
K
kondyak 5
November 21 2007, 13:40 #3933
I got hacked too. Turkish website. I have no idea what to do. Please advise.

Site is here.<br><br>Post edited by: GreyHead, at: 2007/11/22 00:26
GreyHead 64
November 21 2007, 15:59 #3937
Hi kondyak,

Looks like they've found a way to FTP stuff onto your site, or possibly a script injection. You may find the answer by Googling around. Unlikely that it was a problem with ole.php as Dan mentioned a spamming breach with that.

The fix is something like this:
    [*]FTP to your site[/*][*]put an index.htm file in the root to set the site off line[/*][*]check on which files, probably in the root, have been modified recently and replace them with good copies[/*][*]back up the database[/*][*]update Joomla to the latest version and check on any extension that you use[/*][*]start up the site again and make sure that all is well, probably it is from this type of hack[/*][*]if not you'll have to go back and work some more I'm afraid[/*]
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
admin 27
November 22 2007, 01:58 #3977
Hi Kondyak,

Your site is still down, they seem to be changed your config file and/or the index.php, send me FTP access to your website and Joomla admin login too and I will fix that for you quick if its this only, or may be they deleted/edited some files in case you had bad permissions for public (like 777) and in this case you must follow all steps provided by Bob in the post above!

Good luck!

Max
Max
If your main question got answered then please mark the answer using the button!
Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
K
kondyak 5
November 22 2007, 03:05 #3991
Ok.

Thanks very much for the quick response.

I'm just the Adwords guy for the site, although I did add chronoforms, so the developer who initially set up the site is going to take a look at it. If we're still having problems next week I'll post again.

Thanks so much,

Kevin
K
kondyak 5
November 22 2007, 03:20 #3992
What if the URL where I would normally go to sign in to Joomla Admin is the same as the homepage... and the ftp login page says that the website is temporarily unavailable...

Is this like the definition of a complete hack?
admin 27
November 22 2007, 03:57 #3994
Hi,

Yes this is a hard one, I guess your only way now is through the website cpanel, go there and find the hack files and remove them, an expert should do this so you don't get things more complicated!

good luck!
Max
Max
If your main question got answered then please mark the answer using the button!
Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!