My directory was hacked

What happen to my directory was similar to what happen to Aaron Nimock before. Somebody hack into my phpld admin and changed the paypal ID. And somehow he managed to approve all the submission.

My directory is www.szab.net and using phpld 3.2. I realized that I received submission since November 30th but no payment received. Since that I'm on vacation right now, I unable to to check it until today.

The hacker paypal email is and the language for his paypal account is french.

 

Are you saying someone cracked your password and changed the payment address?

Thanks Brian

 

So how did the guy cracked your admin password (check the logs) and did u file a complaint with Paypal. I know by this time It will be really difficult to get the money back !

I know that you will be having two admin panel's.

 

I have no idea how he managed to login to change my paypal ID. Whether he somehow know my password or there are some way he can change paypal ID without login to admin panel.

Could someone please inform me how I can check the logs? I'm not expecting to get my money back though, just want to prevent it to happen again in the future.

 

this is serious.

Maybe you can tell this story in phplinkdirectory forum too.

 

lol rfi pwned

 

Exactly as said xc06, you must mention it at phplinkdirectory so they check whtats wrong with there software.

I hope installation files were removed and chmode of config.php was not 777
Fell sorry for you though.

Best of luck in future.

 

I would put a password protect on the admin folder for now until you find out whats wrong, therefore if he cracked your password, he'll need to do it twice, and youll notice if hes trying because of all the failed attempts.

 

there is one thing you can do... is product the admin directory with the password... and as admin will be having one more password to login so there will be double security in future to protect you and your directory...

hope it helps.....

 

it could be the duo combination of admin panel as you can change paypal email from both i believe ...

and if ur config file was chmod777 then u invited this trouble on yourself.

 

Or even better ip protected like http://www.h-log.com/admin/ i am sure most will see forbidden page there.

And even better chmod admin folder to 0000 via ftp and when editing just chmod back to 0755 .

Cheers

 

Normal admin page for me, but google ads on top

 

Damn ur ip matches mine than

 

Thats very nice.

 

hmm ... i see urs thing too you must be earning good cash because everyone have same ip as yours lol.

 

replaced the paypal ID ? first thing in my mind is ...you know his paypal ID ? report the incident to paypal and find the guy, is something serious here... my opinion

 

why not report to paypal about this fraud since u have the paypal id.

 

My www.paidwebdirectory.com was also hacked and he changed the paypal email, and when i contacted paypal they said we cant do anything as it was a digital delivery.

 

Hey Even I see your admin page, that means that the IP filtering method to restrict the admin panel is not working.

Hi Mikey, that is nice and simple trick. Just placing an .htaacess file in the admin folder, which can also be done from the Cpanel