Index.php gives homeproblem after the site was hacked

Nuke Cadet Joined: Mar 08, 2006 Posts: 3

Hi All,

I'am running an old 6.7 phpnuke site, which I wanted already to update.
But there maybe custom programming work in it so I thought maybe best is to set up a test server at home first and test the upgrede on that one, before upgrading the live server.
But I had just my testserver ready (sme-server 7.0 RC3 from contribs.org) and had my own phpnuke running when the site got hacked.
A hacker replaced index.php and mysql.php (resides in db directory).
I restored those from a backup but now I got:

Code:

sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main")); $name = $row['main_module']; $home = 1; if ($httpref==1) { $referer = $_SERVER["HTTP_REFERER"]; $referer = htmlspecialchars(strip_tags($referer)); if ($referer=="" OR eregi("^unknown", $referer) OR substr("$referer",0,strlen($nukeurl))==$nukeurl OR eregi("^bookmark",$referer)) { } else { $result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '$referer')"); } $numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_referer")); if($numrows>=$httprefmax) { $result2 = $db->sql_query("DELETE FROM ".$prefix."_referer"); } } if (!isset($mop)) { $mop="modload"; } if (!isset($mod_file)) { $mod_file="index"; } $name = trim($name); $file = trim($file); $mod_file = trim($mod_file); $mop = trim($mop); if (ereg("\.\.",$name) || ereg("\.\.",$file) || ereg("\.\.",$mod_file) || ereg("\.\.",$mop)) { echo "You are so cool..."; } else { $ThemeSel = get_theme(); if (file_exists("themes/$ThemeSel/module.php")) { include("themes/$ThemeSel/module.php"); if (is_active("$default_module") AND file_exists("modules/$default_module/".$mod_file.".php")) { $name = $default_module; } } if (file_exists("themes/$ThemeSel/modules/$name/".$mod_file.".php")) { $modpath = "themes/$ThemeSel/"; } $modpath .= "modules/$name/".$mod_file.".php"; if (file_exists($modpath)) { include($modpath); } else { echo "freek"; echo $modpath; $index = 1; include("header.php"); OpenTable(); if (is_admin($admin)) { echo "
"._HOMEPROBLEM."

[ "._ADDAHOME." ]
"; } else { echo "
"._HOMEPROBLEMUSER."
"; } CloseTable(); include("footer.php"); } } ?>

I tried to set the home to "News" in the phpadmin module, didn't help.
I dumped the sql of the board and downloaded it, and imported it in the testserver at home, this one works fine with it.
I've not seen any other file replaced by the hacker in the nuke folder than mysql.php and index.php.
Due to fact that its not a database problem, we access the forum to a temporary inex.html file that links to the News module, but I don't want to keep it that way, if any idea, please help!

Mytime[/code]

Nuke Cadet Joined: Mar 08, 2006 Posts: 3

Ok,

I've already fixed this.
It was a corrupt index.php file.

Mytime

Nuke Cadet Joined: Nov 16, 2006 Posts: 1

I ran into this same problem. Could you advise how to fix it. I use 7.5