
Hacked and Reupping 1.19

Started by MrBlond, June 01, 2009, 09:51:42 PM


MrBlond

Hey all,

My site, hxxp:www.walledme.com [nonactive] has been hacked twice in a week.   It's a gaming site and I just took over the responsibility of running it from a previous admin who doesn't have the time and didn't have the money to host it.   Anyway, I managed to move everything over to my new host and get a lot of pages updated and the forums reconfigured with a new theme and the member list and the admins all cleaned out except me and boom two days later.. the site gets hacked with an IP from England 86.15.44.67 and the hacker deletes all of the website files and all the forums files, basically everything except luckily the sqls.  He put up a pleasant little index page that said that I had been "Merked...ha ha ha" or some such garbage..   

I had a backup from the first day I got everything up and running.. naturally before I made all my fancy changes.. but I reupped and realized that the SMF version was old.. 1.15 I think.. so I updated to 1.19 and forgot about it for a couple of days.    So last night, I decide I'm going to go on and guess what.. my friend was apparently back and this time he just deleted everything.. again the SQLs  luckily remain.

I have a million questions I can ask some of you guys but my plan right now is to just install a fresh copy of 1.19 and point it to my existing sql db. I have read enough to see that this will work pretty easily. I downloaded my old forum files to my local desktop and I would really like someone who knows what they are looking at to take a look and see if they can see how or what was wrong and let this idiot get inside my website to begin with. Also, any other advice I can get on what to do to avoid being attacked like this or additional security measures would be appreciated. Last, is there anything I can do to catch this guy?

Blond out.


JimM

Welcome to SMF.

If he is deleting forum files then the first thing you need to do is change your password for your hosting control panel as well as your FTP password.  These passwords need to be very secure using a random combination of letters/numbers/symbols.

Take a look at your server logs, FTP logs.  You might find something there.
Jim "JimM" Moore
Former Support Specialist

Adish - (F.L.A.M.E.R)

Do as JimM said firstly. Also ask your hosting to create a fresh account as you really don't know what the hacker might have done in your control panel. Hence it may be harmful.

Then put your site on the new control panel and have a nice time. :D

JimM

Any update on this MrBlond?  Were you able to contact your host and get things worked out?

MrBlond

Sorry for not updating sooner. I ended up doing a clean install of SMF and changing all the passes and also cleaning out the loads of extra files I had on the server from different website revisions etc. I didn't find any strange code in any of my website pages but who knows. Anyway, my website and forum have been back up for 2 weeks with no problems. If anyone cares, the hacker info is:

Name he used to advertise his work - I flip Rizla
IP address - 86.15.44.67
Image he put up was from his account at hxxp:drivehq.com [nonactive] - account name - sdotm - I emailed them and they said there was other suspicious stuff going on with this account and they banned him ...  :)

Hopefully, things run smooth from here on in.

My site is hxxp:walledme.com [nonactive] in case anyone has a minute to go see if you see any obvious security issues.

Blond out.
