Hello everyone,

I'm trying to repair my site after it was hacked by a spammer. I posted a help comment in the general forums http://drupal.org/node/314303, but I thought I'd ask here also because the problem seems to be originating my profile pages or APK.

Since the hack, whenever you click on a users profile from the main page's list of community members using IE, the page tries to launch pop-ups. I can't see what the pop-ups are because they don't appear on screen, so I am not sure how to track how they are being launched. Also, this user's page: http://www.ecoevolution.org/users/bushiwu has been altered somehow to create a split screen since the hack. I know the user personally, so it seems maybe their APK page was damaged or altered to create this effect. Again I don't know how to track down this problem to eliminate it since it doesn't appear to be a problem with the APK .tpl files.

Does anyone here have any ideas on how to find the malicious code to clean it out?

Thanks!
Hokus

Comments

hokuspokus’s picture

Version: 5.x-1.x-dev » 5.x-1.0-alpha5
hokuspokus’s picture

I wiped the problematic bushiwu account and then recreated it, so I think I got rid of the split screen part of the problem. My service provider found a couple of bogus accounts running scripts from my .tmp folder and others, and cleaned them out. Not sure how they got access in the first place, but maybe the problem is solved. Not sure if there are still pop-ups coming off my site because I can't check IE until later today. Can anyone else see if the pop-ups are still there and/or how they are happening?

Hokus

michelle’s picture

Status: Active » Fixed

Sounds like this wasn't due to APK.

Michelle

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.