1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Site Sift Listings Directories Hacked

Discussion in 'Directories' started by Scorpion, Apr 9, 2008.

  1. #1
    Today i was checking my directories and found one of our directory powered by site sift listings was hacked, when contacted the host they said.. "The hack seems to have come via the software used in the domain" Script is vulnerable to SQL injections.

    i restored it, but again it was hacked after few hours :mad: Temporarily i have taken down the site

    no response at ssld forum: forum.site-sift.com/thread3262.html

    Any one knows how to deal with it?
    SEMrush
     
    Scorpion, Apr 9, 2008 IP
    SEMrush
  2. CanadianEh

    CanadianEh Notable Member

    Messages:
    3,812
    Likes Received:
    380
    Best Answers:
    0
    Trophy Points:
    260
    #2
    CanadianEh, Apr 9, 2008 IP
  3. humm

    humm बहादुर बच्चा

    Messages:
    4,346
    Likes Received:
    850
    Best Answers:
    0
    Trophy Points:
    310
    #3
    humm, Apr 9, 2008 IP
  4. pipes

    pipes Prominent Member

    Messages:
    12,767
    Likes Received:
    958
    Best Answers:
    0
    Trophy Points:
    360
    #4
    Sorry to hear that, unfortunately it looks like hundreds of you are going to be affected.

    I can sympathise, ive been a victim before, not of this script.
     
    pipes, Apr 9, 2008 IP
  5. Scorpion

    Scorpion Well-Known Member

    Messages:
    268
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    108
    #5
    This vulnerable has been posted/made public on hundreds of security sites, google already shows 2000 results for "Site Sift Listings SQL Injection" keyword :)

    I guess most of the directories using this script will be affected
     
    Scorpion, Apr 9, 2008 IP
  6. pipes

    pipes Prominent Member

    Messages:
    12,767
    Likes Received:
    958
    Best Answers:
    0
    Trophy Points:
    360
    #6
    Yeah the news spreads fast unfortunately, as we type they will be trashing another directory on the script.
     
    pipes, Apr 9, 2008 IP
  7. mikey1090

    mikey1090 Moderator Staff

    Messages:
    15,869
    Likes Received:
    1,055
    Best Answers:
    0
    Trophy Points:
    445
    Digital Goods:
    2
    #7
    Time to backup your sites if you use site sift.
     
    mikey1090, Apr 9, 2008 IP
  8. Red_Virus

    Red_Virus Well-Known Member

    Messages:
    3,757
    Likes Received:
    249
    Best Answers:
    0
    Trophy Points:
    135
    #8
    Need to backup data and wait for the fix now. It is really sad to see hackers after this script.
     
    Red_Virus, Apr 9, 2008 IP
  9. WallaceYeung

    WallaceYeung Notable Member

    Messages:
    3,377
    Likes Received:
    164
    Best Answers:
    0
    Trophy Points:
    230
    Digital Goods:
    1
    #9
    WallaceYeung, Apr 9, 2008 IP
  10. iMacPhil

    iMacPhil Guest

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Please see the post here http://forum.site-sift.com/showthread.php?t=3262 I explain how to make a simple fix to the problem so that the exploit can't get at your admin username/pswd.

    Hope this helps,
    Phil
     
    iMacPhil, Apr 9, 2008 IP
  11. Rasputin

    Rasputin Peon

    Messages:
    1,511
    Likes Received:
    67
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Phil
    Thanks very much for this, I've used it - hope it works!
    Cheers
     
    Rasputin, Apr 10, 2008 IP
  12. indyguidedotinfo

    indyguidedotinfo Notable Member

    Messages:
    3,254
    Likes Received:
    202
    Best Answers:
    0
    Trophy Points:
    245
    #12
    at least he said sorry :)

    from worldforumsdirectory

    Hacked By ALQAWAFI



    Hack

    ALQAWAFI



    Sorry To Admin
     
    indyguidedotinfo, Apr 10, 2008 IP
  13. casinobonusguy

    casinobonusguy Active Member

    Messages:
    1,096
    Likes Received:
    57
    Best Answers:
    0
    Trophy Points:
    90
    #13
    Thanks for the heads up on this .
     
    casinobonusguy, Apr 10, 2008 IP
  14. calum

    calum Peon

    Messages:
    2,821
    Likes Received:
    141
    Best Answers:
    0
    Trophy Points:
    0
    #14
    I have the code for the hack, I don't think I am allowed to post here, but mabye someone with more php knowledge would be able to patch it for people until the developers do something.
     
    calum, Apr 11, 2008 IP
  15. JamieG

    JamieG Banned

    Messages:
    1,827
    Likes Received:
    126
    Best Answers:
    0
    Trophy Points:
    0
    #15
    Don't post the code or anything related here, it could create copycats. Pass it on to the owners of that script, its their responsibility and I'm sure they'll try to fix it.

    I Hope every victim recovers, and as others have said, BACK UP.
     
    JamieG, Apr 11, 2008 IP
  16. calum

    calum Peon

    Messages:
    2,821
    Likes Received:
    141
    Best Answers:
    0
    Trophy Points:
    0
    #16
    Yeah I wont, I didn't think about passing it on thought but I will now.
     
    calum, Apr 11, 2008 IP
  17. marki8

    marki8 Well-Known Member

    Messages:
    977
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    135
    #17
    that script very simple and easy to use :( i like that script... but i afraid my directory will be hack so i change it to another directory script...

    i hope they will give a good support after this :)
     
    marki8, Apr 11, 2008 IP
  18. JamieG

    JamieG Banned

    Messages:
    1,827
    Likes Received:
    126
    Best Answers:
    0
    Trophy Points:
    0
    #18
    Come along to phplynx if you want, we'll be happy to help.:)
     
    JamieG, Apr 11, 2008 IP
  19. xc06

    xc06 Notable Member

    Messages:
    3,498
    Likes Received:
    332
    Best Answers:
    0
    Trophy Points:
    203
    #19
    my site - sift script directory was hacked too. what is wrong?
     
    xc06, Apr 11, 2008 IP
  20. xc06

    xc06 Notable Member

    Messages:
    3,498
    Likes Received:
    332
    Best Answers:
    0
    Trophy Points:
    203
    #20
    xc06, Apr 11, 2008 IP