Elxis CMS Forum
Support => Technical support => Topic started by: motters on October 11, 2009, 20:52:50
-
hi
my elxis site suddenly stoped working i and i get this when i go to it what is wrong
Fatal error: Cannot redeclare get_file_dir_() (previously declared in /home/content/m/0/t/m0tters1/html/wigan/.heder.php:4) in /home/content/m/0/t/m0tters1/html/wigan/mambots/.heder.php on line 12
my website is
i don't usder stand
plz help
:'(
thanks alot
-
../mambots/.heder.php
..../wigan/administrator/.heder.php?mylang=english
what is this file? have you a redirection of index.php to .heder.php(hiden file)
have you been hacked?
-
i don't know what the file is. it look a bit fishy to me
this is the code
code removed by ks-net
what should i do
-
you have been hacked
-
what can i do to fix this
-
Please remove the link i get virus message from avast !!!
-
what link i remove from first post
-
it is a pain.. you must find in which files is a call to this shit!
and delete this file(if it is only one)
it is sure that there is a redirection from index.php to .heder.php
i believe that there are several files effected .. not only elxis or tpls index... start from them BUT
i think that you should install from the begin elxis...
secure your system an DO NOT install FOREIGN extensions
-
right thanks i just look this heder file is in a few locations i will delet them and see what happenes
thanks alot
-
I found many joomla sites hacked by this exploit. I guess you have installed something from Joomla in your Elxis which is bad...
I am doing reverse engineering on the exploit to find out what it does. I will reply soon with the results.
-
Ok, the script does this:
creates an iframe with 1px width and height, and visibility: hidden in order not to be visible. So you might have it in your site and never notice it... And can be harmful to anyone that visits the site and has javascript enabled.
The source of the iframe is this URL:
(h)(t)(t)(p)(:)(/)(/)stats-analytics.info(/)users(/)in.php
This page is marked as bad from both Google and Firefox. Don't try to visit it.
-
waaah :o you have been marked as bad site to engines almost immediately
PS removed all at link your site..
edit...
I posted at the same time with datahell...
there are many files effected at his site... i suggest to install it from the begin!and also do a DB check