Some kids hacked our forum, any idea how we can get rid of them? http://www.extreme-money.com/forum.php
The forum doesn't looked hacked to me? It does look filled with banner ads though ah I see it with a 2nd look, the forum did come up fine the first time. This is the code, I'd place up a blank.html page while you're working on the site so your members don't freak out when trying to look at your site..

<!--
  Review note: this is the defacement page as pasted in the thread, kept token-for-token.
  Everything in it is presentation: a scrolling title, a right-click alert, images, marquees,
  a redirect button and a 1x1 autoplaying YouTube embed. Nothing in this listing shows how
  the page was written to the site, so removing the markup alone does not close the hole;
  cleanup means finding where it is stored (template, database row, modified PHP file or
  plugin) and how it got there.
-->
<body onload="scrlsts()">
<br> <br>
<SCRIPT LANGUAGE="JavaScript">
// Review note: title scroller. Each call moves the first character of `scrl` to the end,
// writes the result to document.title and re-arms itself after 300 ms. setTimeout is
// passed a string, which the browser evaluates as code on every tick.
var scrl = "Hacked By The CorruptSilence Team";
function scrlsts() {
  scrl = scrl.substring(1, scrl.length) + scrl.substring(0, 1);
  document.title = scrl;
  setTimeout("scrlsts()", 300);
}
</script>
<style type='text/css'>
/* Review note: cosmetic glow/outline classes only. `image-shadow` is not a standard CSS
   property, so img.shadow presumably has no effect. */
font.glow {text-shadow: 0 0 0.2em #8F7}
font.wglow {text-shadow: 0 0 0.2em #6F6}
font.whiteglow {text-shadow: 0 0 0.2em #FFF}
font.redglow {text-shadow: 0 0 0.2em #F00}
font.blueglow {text-shadow: 0 0 0.2em #00F}
font.greenglow {text-shadow: 0 0 0.2em #0F0}
button.evil { text-shadow: -1px 0 black, 0 1px black, 1px 0 black, 0 -1px black; font-size:14px; font-family:Tahoma,sans-serif; font-weight:bold; width:140px; }
img.shadow { image-shadow: 0.1em 0.1em 0.2em white }
</style>
<!-- Review note: the next closing tag is a stray duplicate in the paste. -->
</style>
<!--
  Review note: the favicon, background, images and TypingText.js below are all fetched from
  defaced.com.nu over plain http. That host name is a useful string to search for in
  templates, database content and web-server logs when scoping the incident.
-->
<LINK rel="SHORTCUT ICON" href="http://defaced.com.nu/dir/images/zombie-icon.gif">
<script language="Javascript1.2">
// Review note: right-click handler. It checks for the right mouse button in two
// browser-specific ways (Netscape: keyp.which == 3, MSIE: event.button == 2), shows
// `mymessage` in an alert and returns false. The only action taken is alert(); no code in
// this listing records an IP address. The string literal is split across two lines in
// the paste and is kept that way here.
var mymessage = "IP Address Logged, I WILL come for you. 
~ The B0x";
function rtclickcheck(keyp){
  if (navigator.appName == "Netscape" && keyp.which == 3) { alert(mymessage); return false; }
  if (navigator.appVersion.indexOf("MSIE") != -1 && event.button == 2) { alert(mymessage); return false; }
}
document.onmousedown = rtclickcheck
//-->
</script>
<!--
  Review note: remote script executed in the forum's own origin. Its content is not part of
  this listing, so what it does beyond supplying TypingText (used further down) cannot be
  judged from here.
-->
<script type='text/javascript' src='http://defaced.com.nu/dir/javascript/TypingText.js'></script>
<!--
  Review note: <head> opens here, after <body> and after content has already been emitted,
  and a second <body> tag follows below. The markup is malformed as pasted.
-->
<head>
<style> .shakeimage{ position:relative } </style>
<script language="JavaScript1.2">
/* Shake image script (onMouseover)- © Dynamic Drive (www.dynamicdrive.com) For full source code, usage terms, and 100's more DHTML scripts, visit http://dynamicdrive.com */
// Review note: stock animation script. init() stores the element in the global `shake`
// and zeroes its offsets; rattleimage() moves it by `rector` px through four phases
// (down, right, up, left) and re-arms every 10 ms until `stopit` is 1. stoprattle() is
// defined but never called anywhere in this listing.
//configure shake degree (where larger # equals greater shake)
var rector=3
///////DONE EDITTING///////////
var stopit=0
var a=1
function init(which){
  stopit=0
  shake=which
  shake.style.left=0
  shake.style.top=0
}
function rattleimage(){
  if ((!document.all&&!document.getElementById)||stopit==1)
    return
  if (a==1){
    shake.style.top=parseInt(shake.style.top)+rector+"px"
  }
  else if (a==2){
    shake.style.left=parseInt(shake.style.left)+rector+"px"
  }
  else if (a==3){
    shake.style.top=parseInt(shake.style.top)-rector+"px"
  }
  else{
    shake.style.left=parseInt(shake.style.left)-rector+"px"
  }
  if (a<4)
    a++
  else
    a=1
  setTimeout("rattleimage()",10)
}
function stoprattle(which){
  stopit=1
  which.style.left=0
  which.style.top=0
}
</script>
<body background="http://defaced.com.nu/dir/images/matrix-gradient.gif">
<script type="text/javascript">
// Review note: asynchronous Google Analytics loader. Page views of the defaced page are
// reported to account UA-22942935-8; record that ID with the other indicators, since it
// belongs to whoever set up the template rather than to anything shown as the forum's.
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-22942935-8']);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 
'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<!-- Review note: banner table; the <img> tag inside it is missing its closing '>' as pasted. -->
<table bgcolor='#000000' align='center' class="code notranslate" width="90%" height="5%" border="5" cellpadding="0" cellspacing="0">
<tbody> <tr><td>
<center><img src="http://defaced.com.nu/dir/images/warning.gif"</center>
</td></tr> </tbody> </table>
<table background="http://defaced.com.nu/dir/images/trans-green2.png" align='center' class="code notranslate" width="90%" border="5" cellpadding="0" cellspacing="0">
<tbody> <tr><td> <center> <br>
<b><font class='wglow' face='courier new' class='wglow' size="5">Hello, you just got</font></b> <br> <br>
<!-- Review note: eight rows of block characters forming the banner text; each row gets an id so the script below can animate it. -->
<div id="line1"><b><font class='wglow' color='white' size='3' face='courier new'> ██████████ ███ ███ ██ ████ ████ ██████████ ███████ <br> </font><b></div>
<div id="line2"><b><font class='wglow' color='white' size='3' face='courier new'> ███ ████ ██ ██ ██ █████ ████ ██████████ ███ ███ <br> </font><b></div>
<div id="line3"><b><font class='wglow' color='white' size='3' face='courier new'> ███ ████ ██ ██ ██ ██████████ ███ ███ ███<br> </font><b></div>
<div id="line4"><b><font class='wglow' color='white' size='3' face='courier new'> ███ ████ ██ ██ ██ ████ █████ ████████ ███ ███<br> </font><b></div>
<div id="line5"><b><font class='wglow' color='white' size='3' face='courier new'> ███ ████ ██ ██ ██ ████ ████ ████████ ███ ███<br> </font><b></div>
<div id="line6"><b><font class='wglow' color='white' size='3' face='courier new'> ███ ████ ██ ██ ██ ████ ████ ███ ███ ██ <br> </font><b></div>
<div id="line7"><b><font class='wglow' color='white' size='3' face='courier new'> ██████████ ██ ██ ████ ███ ██████████ ███████ <br> </font><b></div>
<div id="line8"><b><font class='wglow' color='white' size='3' face='courier new'> ██████████ ██ ██ ████ ███ ██████████ ██████ <br> </font><b></div>
<script type="text/javascript">
// Review note: wraps each banner row in a TypingText object and starts them all.
// TypingText is not defined in this listing; presumably it comes from the remote
// TypingText.js loaded above (verify against a captured copy of that file).
new TypingText(document.getElementById("line1")); 
new TypingText(document.getElementById("line2"));
new TypingText(document.getElementById("line3"));
new TypingText(document.getElementById("line4"));
new TypingText(document.getElementById("line5"));
new TypingText(document.getElementById("line6"));
new TypingText(document.getElementById("line7"));
new TypingText(document.getElementById("line8"));
TypingText.runAll();
</script>
<br> <br> </tr></td>
<!--END ROW 1-->
<!--ROW 2-->
<tr><td> </center> <br> <center>
<font class='wglow' size='5' face='courier new'><b>You Were Owned by<br></b></font>
<font class="glow"><font color='#00ff00' face='tahoma'><b>The CorruptSilence Hacking and Coding Team:</b></font></font><br>
</center> </tr></td> </tbody></table>
<table bgcolor='#000000' align='center' class="code notranslate" width="90%" height="5%" border="5" cellpadding="0" cellspacing="0">
<tbody> <tr><td>
<marquee><font class="redglow" color='#FFFFFF' face='tahoma'><b>Cryptik - Mystik - Hypno - Rummy</b></font></marquee><br>
</td></tr> </tbody></table>
<table bgcolor='#000000' align='center' class="code notranslate" width="90%" border="5" cellpadding="0" cellspacing="0" bgcolor='#000000'>
<tbody>
<!--ROW 1-->
<tr><td> <center> <br><br>
<img class='shadow' src="http://defaced.com.nu/dir/images/face1.jpg">
<!-- Review note: the centre image starts the shake animation on load; its onclick calls norite(), which is not defined anywhere in this listing. -->
<img src="http://defaced.com.nu/dir/images/anon-mask.gif" height="344" width="426" class="shakeimage" onLoad="init(this);rattleimage()" onclick='norite()'>
<img class='shadow' src="http://defaced.com.nu/dir/images/face2.jpg">
<!--img src="http://operatorchan.org/t/src/t223059_1442814-trollface_super.jpg"></img-->
<br><br> <br> </tr></td>
<!--END ROW 3-->
<!--end table-->
</tr></td> </tbody></table> </tbody></table>
<table bgcolor='#000000' align='center' class="code notranslate" width="90%" height="30%" border="5" cellpadding="0" cellspacing="0">
<tbody>
<tr height='20%'> <td width='50%'> <center>
<font face='tahoma' class='wglow'><b> l| </b></font>
<button class='evil' onclick="meow()"><b><font 
color='#009900'>CorruptSilence.tk</font></b></button>
<font face='tahoma' class='wglow'><b> |l </b></font>
</center> </td> </tr>
<!-- Review note: the names in the marquee below read like unfilled template placeholders, which suggests a stock defacement template; treat that as an inference. -->
<tr height='40%'><td width='100%'> <b>
<center><font face= 'tahoma' class='wglow' color='white'>Shoutz to:</font><center>
<marquee>
<font class='whiteglow' face='tahoma'> | </font>
<font face='tahoma' color='red' class='wglow'>coolguy1</font>
<font class='whiteglow' face='tahoma'> || </font>
<font face='tahoma' color='black' class='greenglow'>coolguy2</font>
<font class='whiteglow' face='tahoma'> || </font>
<font face='tahoma' color='green' class='redglow'>coolguy3</font>
<font class='whiteglow' face='tahoma'> || </font>
<font face='tahoma' color='orange' class='wglow'>everyone</font>
<font class='whiteglow' face='tahoma'> || </font>
<font face='tahoma' color='purple' class='blueglow'>would have</font>
<font class='whiteglow' face='tahoma'> || </font>
<font face='tahoma' color='white' class='wglow'>own color/style</font>
<font class='whiteglow' face='tahoma'> | </font>
</marquee> </b> </td></tr>
<tr height='30%'><td width='100%'> <center>
<font face='tahoma' color='#000000' class='wglow'><b>We will be back...</b></font>
</center> </td></tr> </tbody></table>
<!--scripts-->
<script type="text/javascript">
// Review note: meow() is the button handler and navigates the visitor to corruptsilence.tk.
// The onbeforeunload handler shows an alert when the visitor leaves the page.
function meow() { window.location='http://corruptsilence.tk'; }
window.onbeforeunload = function() { alert("We'll be back :)"); }
</script>
<!-- Review note: 1x1 Flash object that loads a YouTube video with autoplay=1 and allowscriptaccess="always". -->
<object width="1" height="1"><param name="movie" value="http://www.youtube.com/v/0kY6NsDlaLc?fs=1&hl=en_US&rel=0&autoplay=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/0kY6NsDlaLc?fs=1&hl=en_US&rel=0&autoplay=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="1" height="1"></embed></object>
<!--
  Review note: the counter block below is labelled as 000webhost analytics and loads from
  analytics.hosting24.com. Presumably the page was copied from a copy hosted there rather
  than written for this forum; confirm before relying on it.
-->
<!-- www.000webhost.com Analytics Code -->
<script type="text/javascript" src="http://analytics.hosting24.com/count.php"></script>
<noscript><a 
href="http://www.hosting24.com/"><img src="http://analytics.hosting24.com/count.php" alt="web hosting" /></a></noscript>
<!-- End Of Analytics Code -->
Code (markup):
I remember that a "Top x Stats" product had a flaw that let people redirect visitors to their own site. The best bet is to disable all products and see if it happens again; if it doesn't, assume one of your products has a vulnerability.
We disabled all products and created a new style, but the problem is still there: users who are not logged in see this error message: "Unable to add cookies, header already sent. File: /home/extreme/public_html/forum.php Line: 1". We upgraded to the latest vBulletin version. It looks like some SQL injection; the script is clean. We have contacted VB support and hope they can solve the problem.