When we went to our page, the main page was hacked. I found the index file. This is what it said:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Documento sin título</title>
</head>
<body>
<p align="center">hOHOhOHOHOHOhO</p>
<p align="center">Happy HACK !!!!</p>
<p align="center"> </p>
<p align="center"><strong>AgReSsOr</strong> & <strong>Emi_shalala</strong><br />
was here and *beep* with ur box !!!</p>
<p> </p>
<p>root@server4 [~]# uname -a;id;uptime;w<br />
Linux server4.dnssecure4.info 2.6.10dn #1 SMP Thu Feb 17 16:46:53 EST 2005 i686 i686 i386 GNU/Linux<br />
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)<br />
22:55:59 up 3 days, 23:01, 0 users, load average: 0.21, 0.27, 0.34<br />
22:55:59 up 3 days, 23:01, 0 users, load average: 0.21, 0.27, 0.34<br />
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br />
root@server4 [~]#</p>
<p align="center"> </p>
<p align="center"><img alt="
http://tbc-labz.net/kiddie.gif" src="
http://tbc-labz.net/kiddie.gif" /></p>
<p align="center">irc.h4x0r.cl 6667<br />
#pc_labs</p>
<p align="center"> </p>
<p align="center">PD:And remember god dont love u <strong>
</strong></p>
</body>
</html>
I wish I can get that stupid person who did it.
I tried changing the MySQL passwords 900 times but still wasn't working. I just changed the admin password and I found a backup of the Gallery. I'm uploading it now to see what happens.
How do you scan your server? Thanks for replying.