Hacked

What would you like us to do about that?
Is there any reason you are letting us know about this?

If they have most likely stolen your DB too then I presume you use the same passwords for all.

Read this...
[Chosing a strong password] ;)

ok... i chamged the password... and they've attacked again... which means that they;re sql injecting

also, the reason i reported this hack is because of what the FAQ says:

Some of your infusions can be vulnerable.
What infusions do you have?

After scanning your site for known shell scripts i found this.

http://soditaltf4.co.uk/includes/bbco...odes/z.php

I would suggest:

1. Remove all infusions.
2. Check all folders for unknown files or just reinstall PHPFusion.
3. Reset all user/admin passwords.

Maybe you should look at https://lastpass.com/ , this will help with strong passwords.

thank you M0rdak

i figured out that that was a dropped in file... and it was a standard FTP Upload (musta been a brute force/somone who knew the pass).

I've suggested before and will do now again to have a Captcha after 1, 2 or 3 false logins. Now a brute forcer can try unlimited, with captcha only 3 times.

Also check your computer for viruses.

@PolarFox
my pc is clean, so it's most likely a brute force

@wanobo
does sound like a good idea, i may get the ReCapcha engine installed and see if there's a way to have it ask after 3 failed attempts

Hmm.. why not record their ip when it's posting and limit that ip post by x times of attempt. It's a small script to build , and i would place it as a require_once function in the pages where there is a form to post.

sql injection is always done via code execution script that's using _GET. The problem always get solved if not everyone but your members can only access those sql codes.

If you run (if {iMEMBER}) prior to code execution, then the suspect should be within your user community.

I would track them down by building a record function in a separate script and log it inside a separate sql database, and request that script in every page where there is a POST input available to scan my users from misbehavior.

Since version 7 has a multisite include, then it's easy to link to that separate db, and view activity of every user_id. However, thats only limited to how many times people post or get things. But still, you at least know what they posted.

SQL table supposed:
LOG_ID , USER_ID, PAGE_ID, INPUT_ARRAY, WHAT_WAS_POSTED_ARRAY

This way you can trace to every single detail.. although privacy is another issue all together. haha.