security- my dolphin site has been taken over

hi i have  dolphin site http://noozradio.com version 7.3.2 which appears to be taken over when i open it, it loads then forwards to a hack site stating

"Owned by ez4kn

Your security have broken down !"

 

all links/pages on site are compromised, i can however get into admin area only

 

has anyone got any ideas where i should look to get back my site?

cheers mike

Quote · 25 Jan 2017

noticed that 94 dolphin sites have been taken over/ hacked today by ez4kn when i did a simple search

https://www.google.com.au/search?q=ez4kn+hack&ie=&oe=#q=ez4kn+hack&filter=0

 

I attached the page that loads when i open my site

ez4kn.jpg · 373.1K · 329 views
Quote · 25 Jan 2017

Let me know if you need your site back up...

If you can get into admin panel - go to settings - basic settings -  and remove the code from the splash box.

Should be at the bottom 1 or 2 lines of code after the last 2 or 3 </div> tags

If you can't get into admin panel then look in the sys_options table in the database for ez4kn 

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 25 Jan 2017

as dolphin jay said....

also check your .htaccess file and index.php

 

let me know if you need some help

cheers and good luck-

Quote · 25 Jan 2017

Many Thanks !!! found the snippet in splash box and now its back working :)

Let me know if you need your site back up...

If you can get into admin panel - go to settings - basic settings -  and remove the code from the splash box.

Should be at the bottom 1 or 2 lines of code after the last 2 or 3 </div> tags

If you can't get into admin panel then look in the sys_options table in the database for ez4kn 

 

Quote · 25 Jan 2017

Your welcome.

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 25 Jan 2017

Do we know where the exploit is? Is it fixed in 7.3.3?

Quote · 26 Jan 2017

My site was taken over by this exact same thing.

I found it also in the splash area of the basic settings menu

 

How did they get it in there!

All for one and one for all....ah sod it who am i kidding!
Quote · 27 Jan 2017

 

My site was taken over by this exact same thing.

I found it also in the splash area of the basic settings menu

 

How did they get it in there!

Knowing the exploit is important as to prevent future hacks.  Was this a brute force hack of the admin account?  I don't like Boonex's idea of the admin account being a regular account and especially when the admin account is created as number one on installation.  So I start a brute attack against ID 1 on a Dolphin site knowing that if I can can gain control of that account I get admin access to the site.  It is a hole in Dolphin that needs to be closed.  Of course one thing you can do is to move the admin account from ID 1 and I suggest all Dolphin admins to do so.

Geeks, making the world a better place
Quote · 28 Jan 2017

If the site was on 7.3.2 or lower and wasn't patched, it was probably this: https://www.boonex.com/forums/topic/Dolphin-7-3-3-Manual-Security-Fix.htm 

 

That'd allow full access to files - and with a little extra effort - the database also. I'd check for any modified files within the last month or so. It's also possible if there was a weak password set on the admin account, it could have been that also.

 

Best way to keep this from happening again is to always be on the latest version or at least up-to-date on security fixes, have strong passwords for accounts (as well as cPanel/FTP), and to also make sure there is no malware on the computer that logs into the site or FTP.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 28 Jan 2017

Just about every day I get an error in my logs about the 7.3.3 line 187. I forget the exact error because they have been cleared out at the moment, but it's something like error in admin.inc.php line 187 string expected but array given, or something along those lines. So, hopefully it is working and fixed right.

I also set a deny from all in .htaccess to the administration folder and just temporarily comment it out when I want to log in to the administration. But, because I do this I get error logs when someone or thing tries to access files in the administration folder. Several times per day someone tries something on /administration/modules.php file. Not sure what is in that file right off hand, but someone likes that file. Unless there is another front side part of dolphin that requires the file and it is getting denied.

DialMe.com - Your One and Only Source For Boonex Dolphin Tutorials and Resources
Quote · 28 Jan 2017

Both of our websites are hacked.. we cannot access the Admin Panel and we do not have any knowledge of how to access a sys_options table in the database for ez4kn .... can someone please assist us? Or please provide a little more detail instructions.


Thanks in advance.


Quote · 19 Mar 2017

Do you know how to access the Admin Panel?

http://mysite.com/administration

Then enter your admin user name and password.

If you don't know how to access the database, it's probably best you don't try. It's easy to screw things up. 

Someone will offer to help eventually, so just hang in there.

 

Quote · 19 Mar 2017

I can help, it will be Monday before I could look at it.

Geeks, making the world a better place
Quote · 19 Mar 2017

 

I can help, it will be Monday before I could look at it.

 Great! Please message us to discuss!

Quote · 23 Mar 2017
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.