Site hacked...Albums redirected to an attack page

My web site got hacked and now my Zen Photo Albums cannot be viewed. I get the index page to come up, but when I click on an album I get redirected to a web page, brendarco.ru, which is a reported attack page. I've upgraded to Zen Photo version 1.4.1.6. Any suggestions greatly appreciated.

Comments

  • More detail can be found by searching this forum. But basically you need to remove ALL of the files that were on your site when hacked and replace them with a known good backup. The hack can go beyond Zenphoto.

    Of course, the new installation should be with Zenphoto 1.4.2. But simply updating can leave hacked files around that allow the hacker to perpetuate the hack.
  • I have just had the same problem... again. My site was being hacked with an old version of Zenphoto 1.3.x, so I changed my hosting and server and installed a fresh version of Zenphoto, whatever the latest is. This is a fresh install and new database... the only thing left over from my old site is the images. Within one day of the new site being live I have started seeing the hacker's PHP files - something like w289493.php. What is going on!
  • acrylian Administrator, Developer
    Sorry about that but we cannot tell you. All known and reported security issues have been fixed.

    There are numerous possibilities for how someone could get in. If the permissions on files/folders are too loose, anyone can sneak in. If you use other tools, it could have been that. Your computer/browser could have been hacked. It also did happen that servers in general have been hacked.

    You need to look at your server logs to find out. Best contact your host as well.
  • The original hack was able to modify files outside of the Zenphoto install, so if you did not cleanse the entire site, residual files may have been left over that allowed the hacker to redeploy the exploit.

    There are some good procedures for site cleansing posted elsewhere here by some users. But basically, they involve looking for such PHP files as you discovered and also looking at any .htaccess file on the site.
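
The check described in the last comment, as an added example that is not part of the thread or of Zenphoto: it walks a web root, flags PHP files named like the `w289493.php` quoted above, and flags `.htaccess` lines that redirect to a host you do not own. The name pattern, the `scan_webroot` and `demo` helpers, and the `gallery.example` host are assumptions; the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumption: dropped files look like the "w289493.php" name quoted in the
# thread (one letter, then a run of digits). Tune this to what you find.
DROPPED_PHP = re.compile(r"^[a-z]\d{5,}\.php$", re.IGNORECASE)
# Apache directives that can send visitors elsewhere via an absolute URL.
EXTERNAL_REDIRECT = re.compile(
    r"^\s*(RewriteRule|Redirect|RedirectMatch|ErrorDocument)\b"
    r".*\bhttps?://([^/\s\"']+)", re.IGNORECASE)


def scan_webroot(root, own_hosts=()):
    """Return a sorted list of (kind, relative_path, detail) findings."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if DROPPED_PHP.match(name):
                findings.append(("php", rel, "name matches dropped-file pattern"))
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        m = EXTERNAL_REDIRECT.match(line)
                        # Redirects to your own host are expected; others are not.
                        if m and m.group(2).lower() not in own:
                            findings.append(
                                ("htaccess", rel, f"line {lineno}: {line.strip()}"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (not real site data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "albums", "trip"))
        open(os.path.join(root, "index.php"), "w").close()
        open(os.path.join(root, "albums", "trip", "w289493.php"), "w").close()
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("RewriteEngine On\n"
                     "RewriteRule ^old$ https://gallery.example/new [R]\n"
                     "RewriteRule ^(.*)$ http://brendarco.ru/ [R=301,L]\n")
        return scan_webroot(root, own_hosts=["gallery.example"])


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

A clean result from a name-based scan does not show the site is clean; it only narrows where to look before restoring from a known good backup.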