SMF Support > SMF 2.0.x Support

So I just noticed my forum got hacked. (base64_decode)

<< < (3/4) > >>

comedorsamus:
Yeah, like I said I don't know how to work around these things, the hell is a macro? LOL I could try to learn about it but it's not as simple as tweaking SMF themes. So... I think I'll have to edit file bye file, oh Lord.

Time to pump my Girls Generation discography and get my hands dirt.

I just hope I can fix everything, I'll be on the lookout for any suspicious file, thanks.

K@:
A macro is something you kinda "program" the text-editor to do. So, in this example, I'd get it to:

START Find the section with the rogue code in.
Delete that section of code.
Save the file.
Load the next file.
Goto START

Kinda thing.

kachan64:
I would recommended TextPad.

Download all your files and then edit it with TextPad, after save the files you've edited and then upload to the server again.
Looks like someone's been doing some injection to your site.

comedorsamus:
So I think I'm done fixing everything, found some strange files, kinda makes me worried because I'm reading some lines refering to my (?) database, and this is something I know NOTHING about.

Did a Google search and one of the most suspicious file is exactly (?) like this one:

http://test.mare.qbfreak.net/bin/viewfile/TWiki/PatternSkinCssCookbookCenterPage?rev=;filename=wp-fika.php (safe to click?)

I'm not going to upload my file because it's huge and I'm not sure if it has login info.

And now I have one question! Should I use the Forum Maintenance > Empty Cache tool?


--- Quote from: kachan64 on May 03, 2012, 06:57:48 AM ---I would recommended TextPad.

Download all your files and then edit it with TextPad, after save the files you've edited and then upload to the server again.
Looks like someone's been doing some injection to your site.

--- End quote ---
Thanks, great program and really easy to use.

Storman™:

--- Quote ---And now I have one question! Should I use the Forum Maintenance > Empty Cache tool?
--- End quote ---

It won't hurt and probably a good idea in the circumstances.

So did you go back to RC4 or did you upgrade in the end ? If still on RC4 then considering doing an upgrade at some point so that you are up to date with security fixes etc.

Oh, and did you change your admin and ftp passwords by the way ?

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version