This Help forum is for issues relates to the latest release (1.7.9). For issues related to beta or github version please use their own Help forum.
Before asking for help please read "How to request help" by clicking on that tab above here."

TOPIC: Hacking

Hacking 2 months 21 hours ago #1

  • aase48
  • aase48's Avatar
  • Offline
  • New
  • Posts: 35
I still can’t use my site jannesslaegt.dk/webtrees.
In public_html Webtrees. Index.php I find the following:
What do I do?
Attachments:
The administrator has disabled public write access.

Hacking 2 months 18 hours ago #2

  • fisharebest
  • fisharebest's Avatar
  • Offline
  • Administrator
  • Posts: 11610
> What do I do?

There is a vulnerable application somewhere on your server.

It is being used to insert malicious code into your "index.php" files.

You can keep repairing your files, but until you find/fix the vulnerability, there is nothing you can do.
The infection will keep coming back.

I don't know what other software you have on your site.
e.g. things like WordPress, Drupal, Joomla, PhpMyAdmin, etc.
Is all of it up-to-date?
Are all of its modules and plugins up-to-date?

...of course, if your webhost does not properly isolate all the users on the server, then it is possible
that the vulnerability exists in somebody else's site...

Did you check your webserver access logs, and compare with the timestamps on these files?
It might give you a clue as to where the vulnerability exists.

Note that the malware isn't actually working on your webtrees site. (It was not designed to work with webtrees!)
However, the index.php in your home folder is probably doing bad things.

You might want to check the webserver access logs. It is possible that its owners are trying to
activate it. You might find suspicious entries in the webserver logs.
Greg Roach - This email address is being protected from spambots. You need JavaScript enabled to view it. - fisharebest.webtrees.net
The administrator has disabled public write access.

Hacking 2 months 17 hours ago #3

  • aase48
  • aase48's Avatar
  • Offline
  • New
  • Posts: 35
I had Joomla, but they removed it for me, and that didn’t help. webtrees is the only thing I have got. Every morning I cannot open my site. I will try to do as you have told me.
The administrator has disabled public write access.

Hacking 2 months 11 hours ago #4

  • fisharebest
  • fisharebest's Avatar
  • Offline
  • Administrator
  • Posts: 11610
> Every morning I cannot open my site.

It is not clear if:

1) you re-install webtrees (to remove the malware) and it reappears each day.
2) you do something else (or nothing) every day.
Greg Roach - This email address is being protected from spambots. You need JavaScript enabled to view it. - fisharebest.webtrees.net
Last Edit: 2 months 11 hours ago by fisharebest.
The administrator has disabled public write access.

Hacking 1 month 4 weeks ago #5

  • aase48
  • aase48's Avatar
  • Offline
  • New
  • Posts: 35
I have deleted my webtrees and installed a new one. I chose a new password and username to prevent hacking. But they don’t seem to work
The administrator has disabled public write access.
Powered by Kunena Forum