Well there's no surprise that D7 has security issues with it. I had my site hacked. I was wondering if anyone can lend any information on how to fix this. If you go directly to my .com name it works fine. If you go to where my main i guess DNS is locate http://tankspace.com/ and click on my domain ChristiansClick.com it redirects you. Now the main root of my DNS had a dolphin site that was hacked. That site was "tankspace.com" how can I fix the redirect issue on my christiansclick part? I have yet to launch the site, but have put a years worth of work into it so far.
Thanks,
Ted
What's next to fix D8 issues? D9? (= |
Ouch!
Warning: Something's Not Right Here!
tankspace.com contains malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified tankspace.com that we found malware on the site. For more about the problems found on tankspace.com, visit the Google Safe Browsing diagnostic page.
ManOfTeal.COM a Proud UNA site, six years running strong! |
do you know how to remove viruses from your site?
mscott is really good with this, search the fourms.
You need to fix that first I would think
Your home computer may be infected as well
ManOfTeal.COM a Proud UNA site, six years running strong! |
The http://www.christiansclick.com has no redirect, not sure I'm following you on this.
you have a VPS?
ManOfTeal.COM a Proud UNA site, six years running strong! |
If you go straight to the link christiansclick.com it appears to be ok. If you go to tankspace.com then click on christiansclick.com it redirects to another site. What's next to fix D8 issues? D9? (= |
If you go straight to the link christiansclick.com it appears to be ok. If you go to tankspace.com then click on christiansclick.com it redirects to another site.
I'm not going "into" tankspace because of the red screen warning, "I will be infected from your site"
If your actually on tankspace and not getting a warning then your home computer is not "internet safe."
My browsers stop me with that big red page..
ManOfTeal.COM a Proud UNA site, six years running strong! |
I am able to get to it on my phone. Sorry I didn't explain that. I think I am outta luck and I'll have to seek help I guess on this. I appreciate your time. What's next to fix D8 issues? D9? (= |
Yous should read some topics on how to fix this..
http://www.boonex.com/n/Dolphin_Security_Roundup
http://www.boonex.com/googlesearch/search?q=site%3Aboonex.com+site+hacked&gse_filter=
found this snippet as well.
there are 2 major security risks/mistakes people make,
register_globals On and allow_url_include On
from the php.ini files i have seen people use to over ride the local register_globals On setting, most then go on to put allow_url_fopen On and then not knowing what allow_url_include is, they think its the same as allow_url_fopen and turn it on.
allow_url_include On is as dangerous as register_globals On
If the server is running SuPHP you have to make a copy of the php.ini file and edit it making sure it has:
register_globals = 0
allow_url_include = 0
allow_url_fopen = 1
If the server is NOT running SuPHP you can place the following in the .htaccess file:
php_flag register_globals off
php_flag allow_url_include off
php_flag allow_url_fopen on
If the server is running SuPHP DO NOT try the .htaccess methord as it does not allow you to override php via .htaccess
apply this security patch if you want to make sure you have added protection
edit /plugins/safehtml/HTMLSax3.php add this at the top above the require once
if (isset($_REQUEST['dir']))
die ('Hacking attempt');
so it looks like this:
if (isset($_REQUEST['dir']))
die ('Hacking attempt');
require_once( "{$dir['plugins']}safehtml/HTMLSax3/States.php" );
require_once( "{$dir['plugins']}safehtml/HTMLSax3/Decorators.php" );
this stops remote access to your directories.
Remember although this covers security issues locally on your servers site level, if the master setting are on, you are not 100% safe as a hacker can still get to your site if they hack the server above the account level.
the safest option, move to a host thats setup for Dolphin and know what they are doing.
I hope someone can help you today.. good luck.
ManOfTeal.COM a Proud UNA site, six years running strong! |
Do you have admin access, if so clear all cache and see if the site come up okay. Next check the files in your /inc/ folder for any that have been recently updated... and check the first line of those 'newly updated' files for suspicious code... if you can, check the file against the original (setup) file's code. If you find 'hacker' code there then remove it and check the permissions on your /inc/ folder... make sure it's not 777... should be 755.
When checking the /inc/ folder check this file: /inc/header.inc.php
Who do you host with?
http://pkforum.dolphinhelp.com |
