Started by vHawkeyev, May 01, 2009, 10:47:02 AM
Quote from: LexArma on May 18, 2009, 08:31:29 AM
The ultimate purpose seems to be linkspam... The hack adds loads of hidden links on your forum....
Quote from: JBlaze on May 18, 2009, 08:33:13 AM
So far, all we know as of now is that there is code injected into random, or seemingly random, php files. Also, there have been reports of some database tables getting injected as well.
Quote from: Broken Arrow on May 18, 2009, 10:01:07 AM
Lord, I just checked this morning and that code is on every single php file. I have subdreamer for the portal and several word press blogs and it's in all of them.
I guess I have to go through each file manually and remove the code.
I did run a virus scan on my whole site and it said it showed no virus but I still don't trust this.
diff -E -b -w -B -a --text --suppress-common-lines *old_backup*.sql *new_backup*.sql > diff.txt
Quote from: jackulator on May 18, 2009, 01:39:09 PM
Does everyone think this hacker went to a bunch of random SMF sites and did an sql-injection, or might it be possible that the section in admin that gives you updates from SMF was somehow hacked?
Quote from: robone on May 18, 2009, 02:07:10 PM
I would look for the C99shell on your site, if you have been hacked.
Quote from: robone on May 18, 2009, 02:55:09 PM
The file is 229051 bytes in size, so you need a script that will search all the files for a php that size.
Quote
I must admit, I actually do not understand what they are saying.
Quote from: jackulator on May 18, 2009, 01:50:28 PM
Here's the IP I had for the krisbarteo guy: 184.108.40.206
Is this the same IP everyone else found? If he was dumb enough not to use a proxy I think a call to his ISP is in order - at the very least...
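
Added example, not part of the original thread: a size-based search of the kind robone describes above, which walks a web root for PHP files of exactly 229051 bytes and prints a SHA-256 for each hit so identical copies can be grouped. The function names and the command-line usage are assumptions made for this example.

```python
import hashlib
import os
import stat
import sys

SUSPECT_SIZE = 229051  # bytes; the file size reported in the thread


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_php_by_size(root, size=SUSPECT_SIZE, extensions=(".php",)):
    """Return sorted (path, sha256) pairs for regular files of exactly `size` bytes."""
    suffixes = tuple(extensions)
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in filenames:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)
                if stat.S_ISREG(info.st_mode) and info.st_size == size:
                    hits.append((path, sha256_of(path)))
            except OSError as err:  # unreadable file: report it, keep scanning
                print(f"skipped {path}: {err}", file=sys.stderr)
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical script name): python find_by_size.py /path/to/webroot [size]
    webroot = sys.argv[1] if len(sys.argv) > 1 else "."
    wanted = int(sys.argv[2]) if len(sys.argv) > 2 else SUSPECT_SIZE
    for found, digest in find_php_by_size(webroot, wanted):
        print(f"{digest}  {found}")
```

A size match is only a lead: an unrelated file can have the same size, and a copy that has been edited will not match, so review each hit before deleting anything.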