Elxis CMS Forum

Support => Technical support => Topic started by: motters on October 11, 2009, 20:52:50

Title: my site will not load Fatal error
Post by: motters on October 11, 2009, 20:52:50

hi

my elxis site suddenly stoped working i and i get this when i go to it what is wrong

Fatal error: Cannot redeclare get_file_dir_() (previously declared in /home/content/m/0/t/m0tters1/html/wigan/.heder.php:4) in /home/content/m/0/t/m0tters1/html/wigan/mambots/.heder.php on line 12


my website is
i don't usder stand

plz help

 :'(

thanks alot

Title: Re: my site will not load Fatal error
Post by: ks-net on October 11, 2009, 20:59:13

../mambots/.heder.php

..../wigan/administrator/.heder.php?mylang=english

what is this file? have you a redirection of index.php to .heder.php(hiden file)

have you been hacked?

Title: Re: my site will not load Fatal error
Post by: motters on October 11, 2009, 21:02:21

i don't know what the file is. it look a bit fishy to me

this is the code

Code: [Select]

code removed by ks-net
what should i do

Title: Re: my site will not load Fatal error
Post by: ks-net on October 11, 2009, 21:05:37

you have been hacked

Title: Re: my site will not load Fatal error
Post by: motters on October 11, 2009, 21:06:05

what can i do to fix this

Title: Re: my site will not load Fatal error
Post by: nikos65 on October 11, 2009, 21:07:36

Please remove the link i get virus message from avast !!!

Title: Re: my site will not load Fatal error
Post by: motters on October 11, 2009, 21:10:49

what link i remove from first post

Title: Re: my site will not load Fatal error
Post by: ks-net on October 11, 2009, 21:12:17

it is a pain.. you  must find in which files is a call to this shit!

and delete this file(if it is only one)

it is sure that there is a redirection from index.php to .heder.php

i believe that there are several files effected .. not only elxis or tpls  index... start from them BUT

i think that you should install from the begin elxis...
secure your system an DO NOT install FOREIGN extensions

Title: Re: my site will not load Fatal error
Post by: motters on October 11, 2009, 21:23:15

right thanks i just look this heder file is in a few locations i will delet them and see what happenes

thanks alot

Title: Re: my site will not load Fatal error
Post by: datahell on October 11, 2009, 23:33:47

I found many joomla sites hacked by this exploit. I guess you have installed something from Joomla in your Elxis which is bad...

I am doing reverse engineering on the exploit to find out what it does. I will reply soon with the results.

Title: Re: my site will not load Fatal error
Post by: datahell on October 11, 2009, 23:46:25

Ok, the script does this:

creates an iframe with 1px width and height, and visibility: hidden in order not to be visible. So you might have it in your site and never notice it... And can be harmful to anyone that visits the site and has javascript enabled.

The source of the iframe is this URL:
(h)(t)(t)(p)(:)(/)(/)stats-analytics.info(/)users(/)in.php

This page is marked as bad from both Google and Firefox. Don't try to visit it.

Title: Re: my site will not load Fatal error
Post by: ks-net on October 11, 2009, 23:48:43

waaah  :o you have been marked as bad site to engines  almost immediately

PS removed all at link your site..

edit...
I posted at the same time with datahell...
there are  many files effected at his site... i suggest to install it from the begin!and also do a DB check