Oh noez, Hackerz!!!!

Today I detected that one of my sites was hacked. Some punks got access to one of my webservers, added some files and altered some other files. Lucky me, on this webserver is php forbidden and they couldn’t do any harm.

But from the start:

I host the website for one of the local sport clubs. The website is static, showing only some pics, contact and legal stuff. Once a year there I make a short report how the website is doing and what I’ve done. The deadline for the report is next saturday and so I decided to look on the webserver. And what did I found there? A recaptcha.php file:

Screenshot showing a recaptcha.php file in a filebrowser

This is funny, ’cause php isn’t allowed on the server. And hence it won’t work… I downloaded the file and promptly my antivirus software alerted me, that there is a “PHP/Agent.FA” virus in the file. Now I’m curious.

In the file is a decrypted javaScript call to an russian webserver. Good for me, the service provider disabled all *.php files, returning only a message that php is disabled. So the JavaScript couldn’t be executed even once. But if the hacker got access to the server and could already upload files… maybe he altered some too!

He did. In my index file is a new <script>-tag. It’s 100 lines of obfuscated code, very complex and nested. After half’n’hour of starring at this horror, I decided to decode it.

I wrote a small program in java which translates the \x64 characters into more readable chars. After that I only had to follow the functions… Unfortunatly all functions where named “I”,”j”,”l” and so on…

Finaly, eager to know what this function was intended to do, I set up a virtual machine (without network), and executed the script. The function added a new iframe to the site which loaded a new website. I googled the site and got warnings all over… This one should load a virus to my pc…

So in theory some people could have been infected with viruses by my site. Disgusting thoughts… Good for me, the website wasn’t well programmed (not my fault ^^) and had a problem with the frame/noframes tags. This circumstance in combination with the generic nature of the attack saved saved the visitors of the site from viruses.

Conclusion:

I was blind to the risks of hackers. The password seemed to be to short/easy or was hacked… I reported the hack to the chairman of my club, uploaded a clean version of the website and altered the Password. Hopefully this is enough.

Slideshow2 Vertical Alignment

To update my last post, this solution worked for me:

On the Slideshow2 homepage is an working example with vertical alignment. So I downloaded exactly  this version of the slideshow2.js and the according mootools and tadaa! It works. It seems that the current version simply is not capable of vertical scrolling.

A single drawback is still there: The option “resize” doesn’t work. But as long as you can live with that, the slideshow2 V1.2.5.1 is sufficient

Slideshow2 – Vertical alignment

I was looking for a javascript gallery plugin for a website I maintain. After I checked two or three plugins (incl. galleria) I decided that Slideshow2 is the tool, I’ll use. One of the big points in my decision for Slideshow2 was the simple integration of a vertical thumbnail list. I tried it in galleria as well but failed.

With Slideshow2 everything went well. Download the package, edit the file like specified and voilá you’ve got an vertical thumbnail list. Life can be so easy…

… until you add additional pictures: With more thumbnails than the complete height of the container (around eight in my case) the problems reveal. There is no scrolling!

After some (read alot) try and error I wrote to the googlegroup of the developer and sent a complete error description and a way to reproduce the problem in. So stay tuned 🙂