
Site is being hacked as we speak

Started by Kimmie, November 17, 2013, 01:56:01 PM


kat

Quote from: Kimmie on November 17, 2013, 03:16:29 PM
do I just highlight everything right click and chmod? or do I have to do everything one by one? OR...lol.. do I just need to change certain files?

CHMOD the parent directory (Usually public_html) and set it to do all subdirectories/files, too.

Sir Osis of Liver


Have you changed the database password?

When in Emor, do as the Snamors.
                              - D. Lister

Kimmie

Quote from: K@ on November 17, 2013, 03:22:28 PM
Quote from: Kimmie on November 17, 2013, 03:16:29 PM
do I just highlight everything right click and chmod? or do I have to do everything one by one? OR...lol.. do I just need to change certain files?

CHMOD the parent directory (Usually public_html) and set it to do all subdirectories/files, too.

Ok I don't see anywhere that I can tell it to do the subdirectories.


Kimmie

Quote from: Krash. on November 17, 2013, 03:23:44 PM

Have you changed the database password?



Isn't that the CPanel password? If so, yes. (too many friggin pw's to keep up with  lol)

kat

Is that Filezilla? IIRC (Which I may not be, coz it's been a while since I used it), it asks you, once you hit "OK".

Kimmie

CuteFTPPro.

And it won't keep the changes. I click apply, then ok. Refresh and check and they are back at 750


The number of folders on that properties page keeps going up.

Sir Osis of Liver


The database password is just for the db.  If your friend had cpanel access or got a look at your Settings.php and has your db credentials, he can access it directly with external script.  Should be able to change it in the MySQL section of your cpanel.

When in Emor, do as the Snamors.
                              - D. Lister

kat

Quote from: Kimmie on November 17, 2013, 03:31:02 PM
And it won't keep the changes. I click apply, then ok. Refresh and check and they are back at 750

One for your host, then. :)

Kimmie

Quote from: Krash. on November 17, 2013, 03:32:11 PM

The database password is just for the db.  If your friend had cpanel access or got a look at your Settings.php and has your db credentials, he can access it directly with external script.  Should be able to change it in the MySQL section of your cpanel.




Ok this is done. 

Sir Osis of Liver


When did you last back up your forum files, or install a mod?

When in Emor, do as the Snamors.
                              - D. Lister

Kimmie

Have not installed any mods for quite some time now. Last backup 11/14. Tried to do one last night but could not get one. Guess this is why  lol

kat

Three days ain't so bad. :)

If you're lucky, your host might have a more recent one.

Kimmie

Well most of the time I do one every night. I have been sick for the past 2 days  lol,


At this point is there anything else I need to do, or am I just basically waiting on my host at this point?

Sir Osis of Liver

I would just dump the whole forum, delete everything (and make sure it's gone), then upload the backup.  That should remove any code hacks, unless they were done prior to the backup and not used until today.  You can also do a clean install from the large upgrade package, then reinstall your mods and themes.  Remember to update the db password in Settings.php.

Edit:  Talking about the forum files, not the database.  Let's assume the db is ok for now.

When in Emor, do as the Snamors.
                              - D. Lister

Kimmie

Quote from: Krash. on November 17, 2013, 03:51:33 PM

I would just dump the whole forum, delete everything (and make sure it's gone), then upload the backup.  That should remove any code hacks, unless they were done prior to the backup and not used until today.  You can also do a clean install from the large upgrade package, then reinstall your mods and themes.  Remember to update the db password in Settings.php.



Well I tried 3 different times last night to make a backup and each time I couldn't get it past about 8mb so I am hoping that is when they were in the middle of actually hacking in. They didn't start making any changes until about 10 min or so before I posted here. Had the nerve to post on my site and brag they were going to do it.  >:( And again, I apologize again for the way I started out.. I was freaking out.. it's my first hack (and hopefully the last) :/

What I will probably do is step away from my pc.. go make a pot of coffee and calm down for a few minutes. Then if I have not heard back from them by then, I will consider your option. Just a couple more quick questions

1. Dumping the whole forum: You mean delete the DB right? I haven't had to do this before so I want to make sure I get it right
2. I also have a public html backup. Should I delete that as well, and upload the backup?
3. When I get ready to import the backup through CPanel, will it let me upload that large of a file?

Are there any other files outside of the public html folder that they would have changed?

I would much rather prefer to restore vs using the large upgrade as it wipes out all my mods. I will if I have to though.


Sir Osis of Liver


No, don't delete the database.  If you've changed all your passwords, you should be secure, unless your host has been hacked.  Restore the forum backup, update Settings.php so the forum reconnects to the existing database, and see what you have.  If you have a recent db backup, make sure it's in a safe place.

When in Emor, do as the Snamors.
                              - D. Lister

Arantor

Because there's no way the miscreants could have left a backdoor or anything in the code, right?

Unless you know for certain that there's no backdoor in the backup, assume it is compromised.
Holder of controversial views, all of which my own.
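
As an added example (not part of the original posts, and not SMF's own code), one way to act on the caution above before trusting a file backup is to hash every file in it and compare the result against an unpacked clean copy of the same release. The directory layout and file names below are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_pristine(backup_dir, pristine_dir):
    """Return files in the backup that a clean package cannot vouch for."""
    backup, pristine = tree_hashes(backup_dir), tree_hashes(pristine_dir)
    return {
        # Present in the backup only: mods, themes, uploads, or planted files.
        "added": sorted(set(backup) - set(pristine)),
        # Same path, different content: a mod edit or injected code.
        "modified": sorted(f for f in backup.keys() & pristine.keys()
                           if backup[f] != pristine[f]),
        # Shipped in the package but absent from the backup.
        "missing": sorted(set(pristine) - set(backup)),
    }


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, backup = Path(tmp, "pristine"), Path(tmp, "backup")
        # Constructed file names and contents, not taken from any real package.
        files = {"index.php": "<?php // stock index\n",
                 "lib/loader.php": "<?php // stock loader\n"}
        for root in (pristine, backup):
            for name, body in files.items():
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed differences standing in for post-install changes.
        (backup / "lib/loader.php").write_text("<?php // stock loader\n// extra line\n")
        (backup / "uploads").mkdir()
        (backup / "uploads/cache.php").write_text("<?php // not in the package\n")
        return compare_to_pristine(backup, pristine)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Every entry under "added" or "modified" needs an explanation (a known mod, a theme, an attachment) before the backup goes back on the server; Settings.php will always differ and should be reviewed by hand.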


Sir Osis of Liver

Quote from: Krash. on November 17, 2013, 03:51:33 PM
That should remove any code hacks, unless they were done prior to the backup and not used until today.

No harm in trying while waiting for host support to respond.

When in Emor, do as the Snamors.
                              - D. Lister

Arantor

Believing yourself to be secure when you're wide open is the worst kind of security.

But you clearly got this one covered, don't need my help at all.
Holder of controversial views, all of which my own.


Sir Osis of Liver

When in Emor, do as the Snamors.
                              - D. Lister
