If the changes are also showing on your local copy of Actinic it is most likely:

1. someone internal has done this
2. they are unreleated

The internal hacking is so very low key it is pointless ... hackers are either invisible (to steal your bank details) or in your face (for maximum exposure like your acatalog/index.html page).

Reset the navigation bar text and purge / upload your site again. I would FTP to the site to remove acatalog/index.html just prior to the upload.

Check with your hosts if other sites have been hacked.

is it best just wipe actinic off my computer and then reinstall it.
i think i have a back up somewhere.
or can i download the site back into my actinic on my computer

regards
Rob

oh yes by the way
a woman rang me to tell me about this hack, do you think it was her ??
it was a held number

If you are concerned about Actinic being 'messup up' on your PC then restore your site from your last snapshot. You cannot restore from your online store.

Your site can be interfered in only two ways, either offline on your PC and then uploaded or online. If it was offline then password protect your pc, add firewalls etc. If it was online then check your FTP logs and contact your host.

Posting the URL on the forum here is not going to get your site hacked - it takes malicous intent.

If you can see anything wrong on your PC then this is extremely unlikely to have come from the live website. Actinic only uploads your website, it doesn't download anything except encrypted orders.

Best look closer to home for these changes.

As already stated if the hack is visable on your pc then it has been inserted at the of and then uploaded.

This means one of two things either the person who hacked it had physical acess to your pc or your security software allowed a remote attack. Either way it's not an actinic or forum related problem.

To resolve it simply restore a previous snapshot prior to the hack and upload. Then protect your pc better.

having read your first post, are you saying your live site was hacked or your PC. You need to determine which one before progressing

If its only the live site then all you need to do is wipe the webspace clean and reupload - although it sounds like your host is already on to it. Ask your host if the server got hacked or if its just your site.

Regardingthe woman who phoned - this sounds spooky - unless it was your host

If this the only change you've seen?

Have you been making any changes to:

Site Options | Links

This is where the text for these links are determined. Is it possible that they've been over written by mistake?

Can I also suggest that you snapshot all the time. Get into good habits now, because once your site is complete and something goes wrong, you'll have to redo an awful lot...

Take it from a man who knows...

I cant see them hacking my pc as I do have a norton firewall on all the time. it must have been on the server then came in that way.
I will wipe my site clean then upload again
thaks everyone for your help, but keep an eye out for this hack, they may like actinic or php scripts

I don't think you should advertise the code that the hackers left on your site. You are just adding fuel to the fire.

Although the post has already been googled I think you should remove the page source code above in post 3.

done done done

My guess is that a bit of spyware or an infected file has maybe come in via an email or something like that. It could have been sitting on your PC for a while before doing the rewrite of your files. A firewall wouldn't protect you from that.

Restore a snapshot and do a good thorough spyware and virus scan and you should be back in working order.

blimey, this feller has been busy:

http://www.google.co.uk/search?q=Fun...ient=firefox-a

There's nothing i detest more than political/religious cracking.

Such a waste of good skill.

any indication of where the vulnerability was?

do you know of good reference site for hacks and solutions Gabe?

lol, none that i can post here.

its not something that is black and white, i'm afraid the vector of attack could have been anything, but you can be sure that its probably one of these two:

1) The computer was compromised
The system where actinic was installed could have been compromised. Virus from emails or other means makes it trivial to replace 'index.html' files on the local machine. Actinic would then upload this as normal. I'd suggest that Actinic should md5 check all files on upload as well as generation, to stop this behavior.

2) The server was compromised
This takes 2 forms, and the second is usually the vector
i) ftp, its very possible for the ftp to have been compromised, because of the nature of the hack in question (some similar hacks also have content in databases).
ii) Web server based compromise.

This is most likely.

Due to the nature of Actinic (cgi-bin perl base), there were some vulns found in some perl. I'm sure they cleared all that up.

This type of compromise involves using security faults in server scripts to effect files on the server. For example, a script may accept form post. If this nput is not checked for safety, then its very likely that this input will be used to write malicious data to a disk, or even to a database.

The latter does not affect Actinic, since there is no database.

I think in this case, if this is a server based hack, its most likely that unchecked perl is the culprit, and if a local compromise is this crackers bag, then I cant vouch for the validity of the computer in question.

Regarding how this occasionally happens to Actinic sites, It could be that the server itself is compromised, and has nothing to do with the fact that Actinic is on it. some servers are very badly configured and there are *plenty* of avenues of attack, trust me.