We were hacked in our SMF, with TP.

[GeofMauser]

"You Two,Israel And Usa;
Didnt You Think That We Wouldnt Ask You
About All Off These Oppressions You Did.
Today Our Way Is That,
Tomorrow We ll Be Knocking Your Door
Because Of These Oppressions.Be Sure About This.
Sins Can Be Forgiven But Oppressions Never.
Filistin,Iraq Please Try To Stand These Oppressions.
We Came To Broke Hands Which Hurt You.
Now We Are Here Against These Enemies.

We Will be Your Curse on Cyber World ! !

******************************************************************
  LiNuX4AleX  (GeeTz)
******************************************************************
         Dr.hacker - Dr.ExE - Dr.Draman -linuXhak
            BroKeN-PrOxy- hakrawy -MaX -Dr.jr7 - php Emperor
      Mail:Mr.elgaarh@hakrawy.com *_^ ----->...............

[scs]

Its not hacked, all it seems like is you've left your hosting account unsecured and someone replaced the index.php/index.html

[GeofMauser]

//////////// - READ - /////////////
Ok all resolved with BackUps, but warning, our site was absolutly hacked.

We are using SMF RC2 with the last Tiny Portal versión.

The first sintom was a message in the private message secction, and when y attempt to read the private message, all the site was crash with the hacker message and image.

1 _ Ftp was not violated.

2 _ The index.html was mine, while i was deleting all hacked files.

3 _ Is not a unsecure host.

[scs]

Even secure hosts have security problems

[IchBin]

More than likely they guessed a password for a user account.

[scs]

If thats the case, it could be brute force hackers

[alan s]

Brute force doesnt work unless someones stupid enough to have a 3 or 4 number only password. And even then it would take a few hours to crack......i dont know from personal experience of course  i've just read it off some well known hacking sites i like to read through to gain computer knowledge.

As Ichbin siad they probably just guessed....

[Mitchâ„¢]

You know i keep hearing about people getting hacked etc, but have actually yet to be hacked. I probably have being running the tp + smf combo for almost a year now! But then again i do use unique logins and i use different letter and number combinations for each one of my websites and the smf and maybe thats why i have yet to be hacked.

[GeofMauser]

Ok, i have now news. You maybe can explain me about the problem, if is host insecure or what.

Well, we were hacked again today, but only i was need replace those files in root dir:

index.php
Settings.php
SSI.php
Settings_bak.php
ssi_examples.php
index.php~

And with this action, the forum works fine.

Please say me what maybe is the problem, where this hacker can enter.

[G6Cad]

they can go through the DB on your host, if you leave the SMF_ as prefix, they know the patsh to the files and that way they can change them perhaps