We were hacked in our SMF, with TP.

[GeofMauser]

Then need i change the database prefix ?

[G6Cad]

Could be worth a try

[IchBin]

I would change any admin passwords if I was you.

[Mitchâ„¢]

I knew there was a reason i changed the smf_ thing on my forums hahaha

[IchBin]

I really don't think that is a problem. Maybe I misunderstand G6. The database prefix doesn't really mean anything unless someone has hacked your database user/pass in the first place.

[RoarinRow]

Do you have FlashChat installed.  That might be a back way for them.  I feel your pain I was hacked 3x this past week.   

[G6Cad]

What i meant was that if they found a passage to hack a site, you should change as many things possible in order to ruin their findings so they have a hard time doing the same thing over and over.

If they hack a site like they have done here, i don't think they go through the SMF or TP, i think they go through the host and ruin a lot of sites on the same server.

I read some about it yesterday, and they hack the host, manage to put in some small file that "feel" when a certain file gets active (in this case it seems like it's index.php) and when the file is called for, this little file they have planted, execute and change the file that is called for.

i will see if i can find the site again where i read about it, but i would contact my host and ask them to scan the servers for Trojans and back door programs.

[G6Cad]

have to add a little more about what i read.
This action is often made to FREE hosting companys, and more then one time it's prooven to be the actuall host itself that put in this type of files to their servers, and why? to get rid of the free hosted users after the testperiod is over and the host want to start to charge people for eather the security, or for a better hostingplan.

If the users get hacked over and over again, they automaticly seek another host, and that way the free host dont have to shut the server down and kick the free users them selfs and gain bad name and reputation.
Sad but true.

[GeofMauser]

Thank you guys for you data.

FlashChat:
I have not it.
_____________________________________________________________________

My host is a pay host ... and is very costous. Today i was speaking with the admin enterprise and he tell me that the host is updated with the last versions of softwares, and no one of the others sites hosted in this host is having problems like our site.

Is weird, but the database was not touched by the hacker, all data is fine. I have changed the user and password for the FTP, and i put very long and hard user and password.

This hacker have access to root php files as "index", "settings", etc,etc.

PD:

Is possible install TP in SMF RC3?.

[akulion]

also please make sure of the following - that you have NOT:

- installed any 3rd party unapproved mods for SMF

- set a password which is relatively simple (best would be use a password composed of alphabet [caps and small] + numbers - and a long one too)

- allowed any other files or scripts to be stored in your smf folders (check the files against a downloaded package to compare how many u should have)

Also it may be a good idea to check with your host about security issues - it could be an issue linked to the for all you know.

Thats all i can really think of - best of luck protecting ur site