Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

Hacked

Asked Modified Viewed 8,474 times
T
TheDarkAce
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
asked
Junior Member

recently, my site has been completely hacked. they've deleted all shoutbox entries, all posts, and almost all users (which says to me they've bruteforced my password)

they've most likely stolen the DB as well... and this isn't good cos i ain't sure exactly when this happened

i'mm have a look into what i can do about retrieving the lost data, but i have a feeling i know who may be behind this

edit: my web address is http://www.soditaltf4.co.uk
0 replies

10 posts

C
Craig
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
answered
Fusioneer

What would you like us to do about that?
Is there any reason you are letting us know about this?

If they have most likely stolen your DB too then I presume you use the same passwords for all.

Read this...
[Chosing a strong password] ;)
Edited by Craig on 31-08-2011 09:17,
0 replies
T
TheDarkAce
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
answered
Junior Member

ok... i chamged the password... and they've attacked again... which means that they;re sql injecting

also, the reason i reported this hack is because of what the FAQ says:

Quote

I think my Site has been hacked, what now?
If you think your PHPFusion site has been hacked you should follow these steps.

First put your website in Maintenance-Mode if you can.

Change all Passwords, Admin, FTP, SQL and other hosting passwords.
If you have other admins get them to change their passwords.

Now go to the PHPFusion Main Forums and report this hack.

The PHPFusion team will do their best to help you and try to rectify why your site got hacked.
0 replies
P
PolarFox
P
  • Veteran Member, joined since
  • Contributed 1,633 posts on the community forums.
  • Started 29 threads in the forums
answered
Veteran Member

Some of your infusions can be vulnerable.
What infusions do you have?
0 replies
M
M0rdak
M
M0rdak 10
  • Junior Member, joined since
  • Contributed 18 posts on the community forums.
answered
Junior Member

After scanning your site for known shell scripts i found this.

http://soditaltf4.co.uk/includes/bbco...odes/z.php

I would suggest:

1. Remove all infusions.
2. Check all folders for unknown files or just reinstall PHPFusion.
3. Reset all user/admin passwords.

Maybe you should look at https://lastpass.com/ , this will help with strong passwords.
0 replies
T
TheDarkAce
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
answered
Junior Member

thank you M0rdak
0 replies
T
TheDarkAce
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
answered
Junior Member

i figured out that that was a dropped in file... and it was a standard FTP Upload (musta been a brute force/somone who knew the pass).
0 replies
W
Wanabo
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
answered
Senior Member

I've suggested before and will do now again to have a Captcha after 1, 2 or 3 false logins. Now a brute forcer can try unlimited, with captcha only 3 times.
0 replies
P
PolarFox
P
  • Veteran Member, joined since
  • Contributed 1,633 posts on the community forums.
  • Started 29 threads in the forums
answered
Veteran Member

Also check your computer for viruses.
0 replies
T
TheDarkAce
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
answered
Junior Member

@PolarFox
my pc is clean, so it's most likely a brute force

@wanobo
does sound like a good idea, i may get the ReCapcha engine installed and see if there's a way to have it ask after 3 failed attempts
0 replies
— 1 month later —
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,841 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

Hmm.. why not record their ip when it's posting and limit that ip post by x times of attempt. It's a small script to build , and i would place it as a require_once function in the pages where there is a form to post.

sql injection is always done via code execution script that's using _GET. The problem always get solved if not everyone but your members can only access those sql codes.

If you run (if {iMEMBER}) prior to code execution, then the suspect should be within your user community.

I would track them down by building a record function in a separate script and log it inside a separate sql database, and request that script in every page where there is a POST input available to scan my users from misbehavior.

Since version 7 has a multisite include, then it's easy to link to that separate db, and view activity of every user_id. However, thats only limited to how many times people post or get things. But still, you at least know what they posted.

SQL table supposed:
LOG_ID , USER_ID, PAGE_ID, INPUT_ARRAY, WHAT_WAS_POSTED_ARRAY

This way you can trace to every single detail.. although privacy is another issue all together. haha.
0 replies

Labels

None yet

Statistics

  • Views 0 views
  • Posts 10 posts
  • Votes 0 votes
  • Topic users 6 members

6 participants

C
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
W
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
C
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,841 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
P
P
  • Veteran Member, joined since
  • Contributed 1,633 posts on the community forums.
  • Started 29 threads in the forums
T
T
  • Junior Member, joined since
  • Contributed 17 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
M
M
M0rdak 10
  • Junior Member, joined since
  • Contributed 18 posts on the community forums.

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet