Just going through my list of UK Web Directories, and came across this hacked site http://www.scarletpages.co.uk/, Is the owner on these forums?
Not sure but its a phpld latest version so http://www.scarletpages.co.uk/admin/login.php lets get this sorted asap as I have one or two customers who use this script version.
ain't it? Okay. Not up on phpld too much just do the editing for a few customers, sorry about that. Is it a new problem with phpld or is it something that there is a fix for?
okay upon reading at phplinkdirectory people are finding that it usually another file or script that is hacked first but somehow leads to getting phpld hacked
Whois Record Domain name: scarletpages.co.uk Registrant: Stephen Pratley Registrant type: UK Individual Registrant's address: The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service. Registrar: Schlund + Partner AG [Tag = SCHLUND] URL: http://registrar.schlund.info Relevant dates: Registered on: 14-Jul-2004 Renewal date: 14-Jul-2008 Last updated: 13-Jul-2006 Registration status: Registered until renewal date. Name servers: ns33.1and1.co.uk ns34.1and1.co.uk
Can't see that being the case, gonna look into it though and hope it's something that's already been addressed before, or if I find any exploit regardless of my allegiance I'll post it here, one things for sure we got to unite on at least one thing and thats' against hacking.
ok check this out http://www.phplinkdirectory.com/forum/showthread.php?p=90397 post number 8 a bunch of sites on same server got hacked
oops just thought about it if you might not be able to read it unless you have support access so I will post it here
hmmm, puzzling, the three examples above are all owned by the same person. (name above). I just spoke to 1and1 tech support and they never knew of this but did say they didn't think it was their servers. Have pointed them to this thread so they hopefully can clear things up and give answers.
hmm, if it is easily broken into, I don't think that I will be interested in using their script for my possible future directory
all 3 on the same server.... i think the server has more got to do with it, but phpLD people should look into this M.
i checked the site on http://www.netcraft.com to see what OS its running but it does not say . I bet its probably windows!
You would think the hacker would take the chance to promote a website with a few links huh? What a waste...
I am sure this is not a phpLD related issue. I most cases, such issues turn out to be a server wide attack where index.php file is overwritten by the hacker. The owner's first priority should be to ask host if there was something on their end. The DB seems to be intact and you can even see submit page http://www.scarletpages.co.uk/submit.php In any case, I hope the owner have his backup and will sort it out.
I am pretty sure there is an exploit where they can use SQL injection on the directory, and they see if password with directory matches their actual cpanel login or FTP access....
well I have the owner http://www.stephenpratley.com/ and have emailed him when you check the header of the submit page it showed the company he worked for