Bienvenue, Invité
Nom d'utilisateur : Mot de passe :


This Help forum is for issues relates to the latest release (1.7.9). For issues related to beta or github version please use their own Help forum.
Before asking for help please read "How to request help" by clicking on that tab above here."

SUJET : Hacking

Hacking il y a 1 mois 3 semaines #1

  • aase48
  • Portrait de aase48
  • Hors Ligne
  • New
  • Messages : 34
I still can’t use my site jannesslaegt.dk/webtrees.
In public_html Webtrees. Index.php I find the following:
What do I do?
Pièces jointes :
L'administrateur a désactivé l'accès en écriture pour le public.

Hacking il y a 1 mois 3 semaines #2

  • fisharebest
  • Portrait de fisharebest
  • Hors Ligne
  • Administrator
  • Messages : 11532
> What do I do?

There is a vulnerable application somewhere on your server.

It is being used to insert malicious code into your "index.php" files.

You can keep repairing your files, but until you find/fix the vulnerability, there is nothing you can do.
The infection will keep coming back.

I don't know what other software you have on your site.
e.g. things like WordPress, Drupal, Joomla, PhpMyAdmin, etc.
Is all of it up-to-date?
Are all of its modules and plugins up-to-date?

...of course, if your webhost does not properly isolate all the users on the server, then it is possible
that the vulnerability exists in somebody else's site...

Did you check your webserver access logs, and compare with the timestamps on these files?
It might give you a clue as to where the vulnerability exists.

Note that the malware isn't actually working on your webtrees site. (It was not designed to work with webtrees!)
However, the index.php in your home folder is probably doing bad things.

You might want to check the webserver access logs. It is possible that its owners are trying to
activate it. You might find suspicious entries in the webserver logs.
Greg Roach - Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. - fisharebest.webtrees.net
L'administrateur a désactivé l'accès en écriture pour le public.

Hacking il y a 1 mois 3 semaines #3

  • aase48
  • Portrait de aase48
  • Hors Ligne
  • New
  • Messages : 34
I had Joomla, but they removed it for me, and that didn’t help. webtrees is the only thing I have got. Every morning I cannot open my site. I will try to do as you have told me.
L'administrateur a désactivé l'accès en écriture pour le public.

Hacking il y a 1 mois 2 semaines #4

  • fisharebest
  • Portrait de fisharebest
  • Hors Ligne
  • Administrator
  • Messages : 11532
> Every morning I cannot open my site.

It is not clear if:

1) you re-install webtrees (to remove the malware) and it reappears each day.
2) you do something else (or nothing) every day.
Greg Roach - Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. - fisharebest.webtrees.net
Dernière édition: il y a 1 mois 2 semaines par fisharebest.
L'administrateur a désactivé l'accès en écriture pour le public.

Hacking il y a 1 mois 2 semaines #5

  • aase48
  • Portrait de aase48
  • Hors Ligne
  • New
  • Messages : 34
I have deleted my webtrees and installed a new one. I chose a new password and username to prevent hacking. But they don’t seem to work
L'administrateur a désactivé l'accès en écriture pour le public.
Propulsé par Kunena