HI All,
I think(know)I've had my forum hacked. I get the following.
HACKED BY R3C0L4X EFELER .G 1923TURK
New at this, so look for some advise.
Thanks in advance.
Cory
Hello :)
if you upload a fresh index.php from the install package, does this fix it?
HI,
I used Fantastico to install but am willing to do what ever!!
cor
OK, This is what had happened!
There was a file called index.html that that contained the "HACKED BY R3C0L4X EFELER .G 1923TURK " I just removed it, all fixed!
So all seems to be ok again but what did i do wrong?
How can i stop it from happening again?
cor
look in your server logs.
Are you running any other scripts other than SMF?
Are you on a shared host?
I'm only new at this but every time I use smf, the more interesting it gets!
However I still have a long way to go.
Server log's from SMF or in my control panel?
I think I'm running other scripts ie phpList.
We host our own domain. ancc.asn.au and this is the only forum.
cor
Make sure all your passwords are changed for cpanel.
All Changed! ;)
thanks kindred and bigguy -- i had to run out suddenly and couldn't attend to this topic :(
What happens is that if you or anyone on your server is running insecure scripts (or your webhost even) then it is possible, once they gain access to the server, to have it create and delete and modify files. This is what happened in this case, you should report this to your host so they can determine the point of failure
Thanks everyone for the help!
SMF Rock's!
This is the reply i got, perhaps i didn't ask the correct questions;
QuoteHi Cory,
When you install forums via fantastico, you need to make sure you peridoically go back into fantastico to run updates so you have the latest versions. New software bugs are always being found, and I would assume this is how you got hacked.
If you manually installed the forums, the same thing applies except without an automatic upgrade process.
Unfortuntely it's just about impossible to identifty said culprit, as the log files don't specically say something was going on, they just list everyone who has accessed the site, and thats a lot of people
if you're at version 1.1.2, you are at the latest version of SMF
If you feel smf was the culrpit in the case, however, feel free to make a security report (http://www.simplemachines.org/about/security.php)
Yes running 1.1.2
Dont really think it was SMF. Still learning! Just thought that my host might be of a little more help! I guess not! Not that it's much of a surprise!
Cory
You'd be surprised how hosts like to mess with people...
if you feel their support was inadequate, i'd reccommend finding a new host :P
SMF has a whole board dedicated to hosts and hosting, you can find 'hosts and hosting' from the index page
Hosts and Hosting (http://www.simplemachines.org/community/index.php?board=4.0)