TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

Stats

Members
  • Total Members: 3,966
  • Latest: safir45
Stats
  • Total Posts: 195,985
  • Total Topics: 21,321
  • Online today: 781
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 216
  • Total: 216

Help please...my forum got hacked!!!

Started by soMzE, January 16, 2007, 10:21:57 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 3 4 5
User actions

soMzE

#20
January 18, 2007, 09:01:32 PM
Oke i talked to my host today on the phone for half an hour and he told me he blocked the ip of the hacker..and reported a email to abuse@provider.nl.

But he did not understand why it was possible that i they have been hacked.. The use Driect Admin 1.28.6
does anyone know if this good and up-to-date?

He told me that also there was a possibility he had acces to my hotmail account, because i had forwarded my admin email to this account that maybe the hacker got the new database passwords the have sended me.

But i doubt this..

And another question, can it be that my database backup is hacked in any way so the hacker has acces to it all the time,or has this nothing to do with this?

Thank you all for your support and sympathies, the do me really good  ;D

Can't wait to get started again!!

soMzE

#21
January 18, 2007, 09:09:04 PM Last Edit: January 18, 2007, 09:10:43 PM by soMzE
Quote from: Chrisâ„¢ on January 18, 2007, 09:04:32 PM
Unless you saved your backups there is no way to get all of the posts and everything back.

The hotmail thing sounds like it could be the problem, but there really is no way to get anything back besides talking with your host.

I have a database backup of all the post and members a day before the hack and a total backup of my site, but what i really like to know is if the have done something with the database.. because yesterday i tried to recover the forum and the hacker whas there instandly and took control over my forum again..

and this was a new install of SMF 1.1.1.. i try to find out what i can do to prevent this..

Oh and sorry, what does this file do? .htaccess do i need this to make everything work?

LeetCenter

#22
January 18, 2007, 09:16:12 PM
You could be keylogged. And if he has acess to your hosting account, he can get through phpmyadmin and make himself admin again.

Do what others said for example do the WHOIS to his ip and contact abuse@ hisisphere

soMzE

#23
January 18, 2007, 09:26:06 PM
QuoteOke i talked to my host today on the phone for half an hour and he told me he blocked the ip of the hacker..and reported a email to abuse@provider.nl.

My host contacted his isp, but for who knows were he is? Maybe internet cafe or something like that..
And i know he does not have acces to my hosting account at the moment, i have a new password sended to another unknown email adress i use.

It happens when i reinstall the forum, so i think there somewere a flaw.. but i don't know were... what is the keylogging thing you said? Can this be anywere in the database backup i have?

IchBin

#24
January 18, 2007, 11:35:37 PM
A keylogger would most likely be on your computer, as it captures the user/pass that you enter and can send the data to his unknown source.

I would suggest you setup your forum in a directory that is protected by .htaccess for now and see if he still has access to it. After getting the database setup, run a query to change ALL accounts to non-admin status, then manually change your account to admin so that you are the only one with admin. :) If he can't access your forum with a protected directory then you know that he doesn't have access to your webhost control panel.
If all of that seems to be successful, then I open the forum and see what happens. Cross your fingers. :) Funny, how the host blamed you at first. ;)

soMzE

#25
January 19, 2007, 04:10:28 PM
Oke thnx IchBinâ„¢ for your reply and sorry but i had to work today that's why i'm so late with answering :)

Oke i am going to follow your instructions, i did a virus scan and it found a trojan horse but i don't think it's coming from him, don't know for sure but it's gone now.

Quote from: IchBinâ„¢ on January 18, 2007, 11:35:37 PM
A keylogger would most likely be on your computer, as it captures the user/pass that you enter and can send the data to his unknown source.

I would suggest you setup your forum in a directory that is protected by .htaccess for now and see if he still has access to it. After getting the database setup, run a query to change ALL accounts to non-admin status, then manually change your account to admin so that you are the only one with admin. :)

You mean by this i use the option to password protect a folder within direct admin? And how do i run the query for the database backup? Do i do this in the forum or in Direct Admin/ Php my admin? Sorry but i don't know these things quite yet, but i'm learning :)

And i checked the logins to my direct admin and the hacker hasn't come back..yet... so i think that's safe..i hope  :)

MattMcFarland

#26
January 19, 2007, 04:26:54 PM
You should think about using a more secure host.  I personally use Cartika and they are experts packed to the brim with LEVEL 3 professionals.

Also, DH is slow because they put too many people in small rooms (metaphore: they put too many people on one server, this makes them cheap, but makes your service complete and total crap, I'd doubt DH would be good for any site that gets 10 posts a day)

Cartika runs mod_security (if your host ran mod_security this probably wouldnt have ever happened) - I hope your host learns a lesson! 

If I were you, I'd change hosts immediately.  check out Cartika at http://www.cartikahosting.com  - they aren't the cheapest but they are indeed the best host hands down. They have better tech support then any host I've ever dealt with, and I've dealt with a lot of hosts.

soMzE

#27
January 19, 2007, 04:32:45 PM
Quote from: MattMcFarland on January 19, 2007, 04:26:54 PM
You should think about using a more secure host.  I personally use Cartika and they are experts packed to the brim with LEVEL 3 professionals.

Also, DH is slow because they put too many people in small rooms (metaphore: they put too many people on one server, this makes them cheap, but makes your service complete and total crap, I'd doubt DH would be good for any site that gets 10 posts a day)

Cartika runs mod_security (if your host ran mod_security this probably wouldnt have ever happened) - I hope your host learns a lesson! 

If I were you, I'd change hosts immediately.  check out Cartika at http://www.cartikahosting.com  - they aren't the cheapest but they are indeed the best host hands down. They have better tech support then any host I've ever dealt with, and I've dealt with a lot of hosts.

Thnx for your reply but i think there is a misunderstanding... Do you mean by DH = Dreamhost? This is not the host i'm with, i come from the Netherlands so i don't know if it's a good idea to be with a host in another country?

And Ichbin, can i send you a personal message? I may have something interesting about this case, but i can't figure it out..I still have the logfiles from my account and the show everything the hacker has done..

Maybe you understand this?  :)

JPDeni

#28
January 19, 2007, 04:39:00 PM
QuoteThnx for your reply but i think there is a misunderstanding... Do you mean by DH = Dreamhost?
There's a separate discussion going on here. It happens a lot. If something doesn't seem to apply to you, just ignore it. :)

IchBin

#29
January 19, 2007, 10:21:51 PM
Thank you for asking, yes you may send me a PM. I'd be interested in what you have on this.
Print
Go Up Pages 1 2 3 4 5
User actions

This website is proudly hosted on Crocweb Cloud Website Hosting.