Advertisement:

Author Topic: Account breached! Urgent  (Read 7261 times)

Offline xyxis_fahim

  • Jr. Member
  • **
  • Posts: 213
Account breached! Urgent
« on: July 08, 2008, 11:06:08 PM »
Hello,
So strange to see my main account password and email was changed to 
Code: [Select]
cybernet1c@hotmail.com . Possibly an hacker? I googled that email but found only 1 result.

Has anyone know about this? I'm under fear.
« Last Edit: June 03, 2009, 10:03:09 PM by xyxis_fahim »

Offline Bigguy

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,867
  • Gender: Male
  • Be nice, or else....
    • smfbigguy on GitHub
    • SMFH
Re: Admin Account breached! Urgent
« Reply #1 on: July 08, 2008, 11:10:41 PM »
Are their any errors in the error logs in the admin control panel or in the error logs in cpanel. ???

Offline xyxis_fahim

  • Jr. Member
  • **
  • Posts: 213
Re: Admin Account breached! Urgent
« Reply #2 on: July 08, 2008, 11:21:05 PM »
From Cpanel error log:

[Tue Jul 08 22:09:19 2008] [error] [client xx_IP_xxx] client denied by server configuration: /home/truforum/public_html/attachments/g.php

thats all

Offline Bigguy

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,867
  • Gender: Male
  • Be nice, or else....
    • smfbigguy on GitHub
    • SMFH
Re: Admin Account breached! Urgent
« Reply #3 on: July 08, 2008, 11:43:08 PM »
Not sure what happened then. Do you have other admins on your forum. ???

Offline xyxis_fahim

  • Jr. Member
  • **
  • Posts: 213
Re: Admin Account breached! Urgent
« Reply #4 on: July 09, 2008, 12:11:52 AM »
Yes one other, my good friend.  He didn't change any settings he said.

Offline H

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 21,662
  • Gender: Male
Re: Admin Account breached! Urgent
« Reply #5 on: July 09, 2008, 07:44:26 AM »
Mods installed?

Have you submitted a Security Report?
-H
Former Support Team Lead
                              I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)
                             

Offline karlbenson

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,629
  • Gender: Male
    • Criminal Brief UK
Re: Admin Account breached! Urgent
« Reply #6 on: July 09, 2008, 08:33:09 AM »
Are you running smf 1.1.5?

If not upgrade asap!

Offline metallica48423

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,842
  • Gender: Male
  • Professional Multislacker!
    • Zentendo
Re: Admin Account breached! Urgent
« Reply #7 on: July 11, 2008, 05:38:41 PM »
also -- i'm assuming that you're not encrypting attachment filenames? If you are not, you want to block common script file types or someone with ill intention may be able to run arbitrary code on your site.
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote
Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"

Useful Links:
Online Manual!
How to Help us Help you   
Search
Settings Repair Tool
     

Offline knaphih

  • Semi-Newbie
  • *
  • Posts: 27
Re: Admin Account breached! Urgent
« Reply #8 on: August 16, 2008, 12:09:39 AM »
I must say....always keep a backup ready for such incidences...ive had this prob around a year back on my first smf forum.. It was an admin who played with the things...

Offline Bigguy

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,867
  • Gender: Male
  • Be nice, or else....
    • smfbigguy on GitHub
    • SMFH
Re: Admin Account breached! Urgent
« Reply #9 on: August 20, 2008, 05:47:23 PM »
Hows things going now xyxis_fahim ???

Offline xyxis_fahim

  • Jr. Member
  • **
  • Posts: 213
Re: Admin Account breached! Urgent
« Reply #10 on: September 01, 2008, 10:11:09 PM »
Hows things going now xyxis_fahim ???
Never mind , it was a host issue. You may delete this topic. Thanks.

Offline joshuam08

  • Jr. Member
  • **
  • Posts: 129
  • Gender: Male
  • Gamingguru.org Admin
    • Gaming Guru
Re: Admin Account breached! Urgent
« Reply #11 on: October 10, 2008, 05:41:58 AM »
Just To Add Make Sure You Encrypt Attachment Names So People Cannot Run Script
Gamingguru.org Admin
http:\\www.gamingguru.org