Read the blogs!
Started by Scooby, January 02, 2012, 06:18:58 PM
Quote from: sonnenblende on January 03, 2012, 01:07:33 PMHi,I had the exact same issue with two older SMF sites today.Best way to fix is:a) restore index.php and Settings.php from last backup (you should always run backups!)b) make sure your index.php and Settings.php are NOT world/group writable!c) make sure your /tp-images folder is NOT world/group writable!d) remove the directory "File" from /tp-images (that's where they seem to break in)e) by all means CHANGE your database and administrator passwords (part of the hack is them trying to pull a dump of your members table!)That should clear it. Most important thing is indeed they must not be able to use php code to overwrite your index.php and Settings.php - depends on your hosts setup if and how they can achieve that.Regards,Jerry
Quote from: slvreagl on April 08, 2012, 11:53:23 PMSon of a **** I got hit with this today.....
Quote from: slvreagl on April 09, 2012, 10:11:39 PMNot sure how they got my ftp password but they have all been changed.
QuoteAlso should also note I got attacked running SMF 2.0.2 and TinyPortal 1.107
Quote from: slvreagl on April 09, 2012, 10:11:39 PMSo I did the above recommendations and found my SSi.php was also attacked, after deleting and restoring all three files from a known good backup I am back up and running and my database was not affected (I use a different password for database access) They attacked via FTP and simply overwrote my files that were writable *stupid mistake! Not sure how they got my ftp password but they have all been changed. Also should also note I got attacked running SMF 2.0.2 and TinyPortal 1.107