SMF Forums Hacked

[NergalHST]

So I check on my moderately sized forum community and notice as I log in the forums have been hacked and I come upon this page:




I also noticed that layout was changed to a default before logging in.

I need some help on how to restore the boards as they previously were and to make sure this does not happen again.
What are some first steps I can take and what should I be looking into or looking for?
Any advice or insight would be glady welcomed !

[Adish - (F.L.A.M.E.R)]

Firstly, send us a security report if you wish to: http://www.simplemachines.org/about/security.php

Secondly, restore your previous backup and change your main passwords. If you don't have one, then there are ways to get parts of your forum back if the database is still intact, however, there are still chances of it getting hacked again if SQL injections are made by the hacker.

[NergalHST]

Firstly, send us a security report if you wish to: http://www.simplemachines.org/about/security.php

If you don't have one, then there are ways to get parts of your forum back if the database is still intact, however, there are still chances of it getting hacked again if SQL injections are made by the hacker.

Tell me more about this, and what should I be doing right now?
Also I was on version SMF 2.0 RC3 I need to upgrade and could I also just see if the boards/database are still intact and remove the page that is being displayed?

[Adish - (F.L.A.M.E.R)]

The security report will enable us to find out what was the cause of the hack and if there is a vulnerability in the software, the devs will look into it and fix it for future versions.

It is very unlikely that your forum might be intact as hackers have automated scripts which add SQL injections with your database which allows them to hack your website once again. However, if you think that they are intact and you are happy to use it ahead, then it is your choice.

What I would advice is:
- Download a full download copy of SMF 2.0 RC5
- Delete all the SMF Files and Folders from the server. (Make a backup of the hacked data just if there are useful files within it which can be helpful to you.)
- Upload the fresh copy of SMF 2.0 RC5
- Run repair_settings.php (What is repair_settings.php?)
- Download the Large Upgrade from the download section here.
- Upload ONLY the upgrade.php and the relevant .sql files
- Run upgrade.php and upgrade your database to SMF 2.0 RC5 from SMF 2.0 RC3

This should hopefully help you get back on track.

[NergalHST]

My site is Hostellroleplay.net

[NergalHST]

Why would the guy just hack it and put that page in for? No other things in the file mananger look messed with. Is there a way I could restore it and then update?

I'm not really technical with this kind of stuff so I would appreciate some help.

Also displaying an error:

Code Select Expand

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /home/hoste1/public_html/forum/Themes/default/Compat.template.php on line 32

[NergalHST]

My admin just told me some information I thought would be relevant. He says that the hack is only affecting admins when they log into the forums, like it is only displayed to admins and that all normal users browse the forums fine and everything works for them? I deleted the hackers index page, can I just set the theme to default for now?

[kat]

To ensure your forum's clean, you can always get the LARGE upgrade archive and upload all the files to your site, overwriting what's there, now. That will, almost certainly, screw every one of your mods, sadly. They'll still be in "Packages", but they'll need to be reapplied.

Don't upload upgrade.php, though.

That's assuming that you've been a norty admin and you don't have a backup to restore.

[NergalHST]

One of my other admins has a backup somewhere... also nice Sig.

[kat]

Thanks! I put it there in the hope that it would make people remember.

Restoring the backup might be the best plan, then, ay?

[NergalHST]

Yes indeed it may be, also for now I'm getting a:

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /home/hoste1/public_html/forum/Themes/default/Compat.template.php on line 32

?

[NergalHST]

I've recovered the forums with a backup, but I'm getting the above problem. Any ideas?

[Illori]

you would need to attach the file giving the error message for someone to be able to review it for errors.

[NergalHST]

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /home/hoste1/public_html/forum/Themes/default/Compat.template.php on line 32

I've attached the file giving me this error.