Forum being hacked

Started by HorTs, February 18, 2011, 04:02:19 AM


HorTs

Hi,

My forum was hacked yesterday, and I upgraded to RC5 to remove the infection and for better security. Here is my topic from yesterday - http://www.simplemachines.org/community/index.php?topic=422497.0

Today I woke to find the forum hacked again.

This time I checked index.php, which had a load of non-standard code. I replaced that file and all seems fine.

Is there something I'm missing or something that I should do?

Thanks in advance.


Roph

If you replaced all files due to the RC5 large upgrade, then it is most likely not SMF through which you're being attacked. There aren't any known security holes in SMF 2.0 RC5 that would allow that to happen. They're probably getting to your server by some other means. That is, unless you're using a mod for SMF that has holes in it.

Also note that once you have been successfully attacked, the attacker can then place their own means of retaining access. So even if you fix the hole through which they originally got in, they now have their own method of access. If you're on shared hosting I'd try taking it up with their customer support.

Illori

As was asked there, do you have any other PHP apps running on your server? If you don't, then you have a misconfigured host that is allowing others to access your files when they should have no permission to do so. You should change all your passwords related to your hosting to make sure the hacker does not have access to do this again if they are using your cPanel to hack you.

kat

It won't just be index.php, HorTs.

Most likely be quite a few of your other PHP files, too.

It might even be getting into any .js files you have, as well.

Try asking your host about this.

They'll have server logs and they might even be able to identify how you're getting hacked.

HorTs

Do you think I should update the whole software again?

kat

Not exactly, no.

To save you going through all the files, to remove any rogue code, though, it might be worth you getting the large upgrade archive and using that to replace the files with fresh copies.

Check that Settings.php hasn't been hacked, though.

That's where all the database connection information is kept.
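An added example, not part of the thread and not SMF's own tooling: one way to see which .php and .js files differ from a fresh copy before replacing them. It assumes the large upgrade archive has been extracted to its own directory; the directory arguments and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile

CHECKED_EXT = (".php", ".js")  # the file types the thread says get tampered with

def index_tree(root):
    """Map relative path -> SHA-256 for every .php/.js file under root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(CHECKED_EXT):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_trees(clean_root, live_root):
    """Return (modified, unexpected) relative paths found in the live copy."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    unexpected = sorted(p for p in live if p not in clean)
    return modified, unexpected

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees standing in for the archive and the live forum."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            write(root, "index.php", b"<?php // stock file\n")
            write(root, "Sources/Load.php", b"<?php // stock file\n")
        write(live, "index.php", b"<?php // stock file\n// constructed extra line\n")
        write(live, "cache/extra.php", b"<?php // constructed unknown file\n")
        write(live, "Settings.php", b"<?php // site-specific, review by hand\n")
        return compare_trees(clean, live)

if __name__ == "__main__":
    # Usage: python compare.py <extracted-archive-dir> <live-forum-dir>
    modified, unexpected = compare_trees(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    print("modified:", modified)
    print("unexpected:", unexpected)
```

Files that exist only on the live site, such as Settings.php with its database connection details, are reported as unexpected and need to be read by hand rather than overwritten.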
