
Site is being hacked as we speak

Started by Kimmie, November 17, 2013, 01:56:01 PM


Kimmie

Yeah the passwords were the same on my admin account. To be honest, I didn't know that they could be different. I don't recall it ever asking me to use a different one.

How are they accessing my database if CPanel has nothing to do with it?  (I have no idea how all that works)



Sir Osis of Liver

Change your host account password.

Change your main FTP password and delete all additional FTP users.

Change your database password.

Use phpmyadmin to access your database and delete all admins (id_group = 1).

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Kimmie

By host account password, do you mean my password for their website?

CPanel pw has been changed
FTP password has been changed

And I will do the last one now. 


EDIT: I was able to log into cpanel but  phpmyadmin is not wanting to load.  (just to update, still have not heard back from host yet)


EDIT: it finally loaded. Gotta find where to delete the admin accounts

ApplianceJunk

Quote from: Krash. on November 17, 2013, 02:55:44 PM
Change your host account password.

Change your main FTP password and delete all additional FTP users.

Change your database password.

Use phpmyadmin to access your database and delete all admins (id_group = 1).



and never offer to gladly give out your info in a public forum, lol...

Quote from: Kimmie on November 17, 2013, 02:35:27 PM
I will gladly give one of you my info if you can help me get this stopped

Don Jajo

you must have an account in your host site, change the pwd of that account. That's the host pwd

Kimmie

I would not have given it out here..lol. I would have pmd it ;)

Kimmie

Quote from: DON JAJO on November 17, 2013, 03:02:24 PM
you must have an account in your host site, change the pwd of that account. That's the host pwd

My confusion is coming from what you mean by "host site". Are you referring to their website where I log in if I need to submit a ticket etc?

ApplianceJunk

Quote from: Kimmie on November 17, 2013, 03:02:27 PM
I would not have given it out here..lol. I would have pmd it ;)

I figured that and I should have said, never state in a public forum that you are willing to give out your info, via PM or what have you. ;)

ApplianceJunk

Quote from: Kimmie on November 17, 2013, 03:04:35 PM
Quote from: DON JAJO on November 17, 2013, 03:02:24 PM
you must have an account in your host site, change the pwd of that account. That's the host pwd

My confusion is coming from what you mean by "host site". Are you referring to their website where I log in if I need to submit a ticket etc?

How about you just change all your passwords. :)


kat


Kindred

well, if they got into your hosting cpanel account, then they have access to all your files and all your databases

However, we need to be certain that we are talking about the same thing here...
When I say Cpanel -- I DO NOT mean the SMF admin screens. I mean your HOSTING LEVEL Control Panel.
SMF has no feature in it to directly access or edit the database....
That being said, if the hacker is half-way decent, once he got into your smf admin account, he could upload his own files which could allow him to do things...

so, hence Arantor's suggestion to turn off all permissions to all files (chmod 000)

Seriously though... you really should be working with your host on this.



There is no need to DELETE all admins -- just delete their membership in the admin group
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Kimmie

"Use phpmyadmin to access your database and delete all admins (id_group = 1)."

There are only 2 1's which means he deleted 2 accounts - including the one I used. One of the 1's on here is my root account. I always used a different one in case things like this happened.

Before I do this, Are you telling me it is ok to delete my root account?

Kimmie

"When I say Cpanel -- I DO NOT mean the SMF admin screens. I mean your HOSTING LEVEL Control Panel."

This pw has been changed.

"so, hence Arantor's suggestion to turn off all permissions to all files (chmod 000)"

When I edited settings.php and changed the maintenance to 2, I was under the impression this was done automatically. What is the fastest way to get these all changed manually?

kat

If you delete ALL accounts, they'll be restored, when you restore your backed-up database.

Quickest way to CHMOD would be with an FTP client.

Kimmie

Quote from: K@ on November 17, 2013, 03:14:36 PM
If you delete ALL accounts, they'll be restored, when you restore your backed-up database.

Quickest way to CHMOD would be with an FTP client.


Ok I am in there.. do I just highlight everything right click and chmod? or do I have to do everything one by one? OR...lol.. do I just need to change certain files?


THANKS TO ALL OF YOU WHO ARE HELPING!!

Sir Osis of Liver

Quote from: Kimmie on November 17, 2013, 03:11:45 PM
Before I do this, Are you telling me it is ok to delete my root account?


People do it all the time.  When the forum is cleaned up you re-register then use phpmyadmin to change your id_group to '1'.  Or you can change all the id_group=1 to id_group=0. You don't know if the hacker is using your root admin account.



Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters
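
The admin-group cleanup described in the reply above, written out as SQL for phpMyAdmin's SQL tab. This is an added example, not code posted in the thread. It assumes the default `smf_` table prefix and SMF 2.0 column names; only `id_group` is named in the thread, and the snapshot table name is made up for the example.

```sql
-- Added example. Assumptions: default table prefix smf_, SMF 2.0 schema,
-- additional_groups stored as a comma-separated list of group ids.

-- 1. List every account that holds admin rights, as primary or secondary group.
SELECT id_member, member_name, email_address, id_group, additional_groups,
       FROM_UNIXTIME(date_registered) AS registered,
       FROM_UNIXTIME(last_login)      AS last_seen,
       member_ip
FROM smf_members
WHERE id_group = 1
   OR FIND_IN_SET('1', additional_groups) > 0
ORDER BY date_registered DESC;

-- 2. List accounts in any other non-default group (the thread mentions an
--    account showing group 10), newest first, with the group name.
SELECT m.id_member, m.member_name, m.id_group, g.group_name,
       FROM_UNIXTIME(m.date_registered) AS registered
FROM smf_members AS m
LEFT JOIN smf_membergroups AS g ON g.id_group = m.id_group
WHERE m.id_group NOT IN (0, 1)
ORDER BY m.date_registered DESC;

-- 3. Keep a copy of the admin rows before changing anything, so the host
--    has the registration dates and IPs (hypothetical snapshot table name).
CREATE TABLE smf_members_admin_snapshot AS
SELECT * FROM smf_members
WHERE id_group = 1 OR FIND_IN_SET('1', additional_groups) > 0;

-- 4. Demote instead of deleting: primary group 1 becomes 0 (regular member).
UPDATE smf_members SET id_group = 0 WHERE id_group = 1;

-- 5. Remove group 1 from secondary memberships without touching 10, 11, etc.
UPDATE smf_members
SET additional_groups = TRIM(BOTH ',' FROM
      REPLACE(CONCAT(',', additional_groups, ','), ',1,', ','))
WHERE FIND_IN_SET('1', additional_groups) > 0;

-- 6. Confirm nothing is left in the admin group; expect 0.
SELECT COUNT(*) AS remaining_admins
FROM smf_members
WHERE id_group = 1 OR FIND_IN_SET('1', additional_groups) > 0;
```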

Kimmie

Quote from: Krash. on November 17, 2013, 03:18:17 PM
Quote from: Kimmie on November 17, 2013, 03:11:45 PM
Before I do this, Are you telling me it is ok to delete my root account?


People do it all the time.  When the forum is cleaned up you re-register then use phpmyadmin to change your id_group to '1'.  Or you can change all the id_group=1 to id_group=0. You don't know if the hacker is using your root admin account.






Thank you for that info!! I also deleted an account that had the ID Group 10. That is what his was showing as.


Update: Still waiting to hear back from my host.
