Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
recently, my site has been completely hacked. they've deleted all shoutbox entries, all posts, and almost all users (which says to me they've bruteforced my password)

they've most likely stolen the DB as well... and this isn't good cos i ain't sure exactly when this happened

i'mm have a look into what i can do about retrieving the lost data, but i have a feeling i know who may be behind this

edit: my web address is http://www.soditaltf4.co.uk
What would you like us to do about that?
Is there any reason you are letting us know about this?

If they have most likely stolen your DB too then I presume you use the same passwords for all.

Read this...
[Chosing a strong password] ;)
ok... i chamged the password... and they've attacked again... which means that they;re sql injecting

also, the reason i reported this hack is because of what the FAQ says:

Quote

I think my Site has been hacked, what now?
If you think your PHP-Fusion site has been hacked you should follow these steps.

First put your website in Maintenance-Mode if you can.

Change all Passwords, Admin, FTP, SQL and other hosting passwords.
If you have other admins get them to change their passwords.

Now go to the PHP-Fusion Main Forums and report this hack.

The PHP-Fusion team will do their best to help you and try to rectify why your site got hacked.
Some of your infusions can be vulnerable.
What infusions do you have?
thank you M0rdak
i figured out that that was a dropped in file... and it was a standard FTP Upload (musta been a brute force/somone who knew the pass).
I've suggested before and will do now again to have a Captcha after 1, 2 or 3 false logins. Now a brute forcer can try unlimited, with captcha only 3 times.
Also check your computer for viruses.
@PolarFox
my pc is clean, so it's most likely a brute force

@wanobo
does sound like a good idea, i may get the ReCapcha engine installed and see if there's a way to have it ask after 3 failed attempts
Hmm.. why not record their ip when it's posting and limit that ip post by x times of attempt. It's a small script to build , and i would place it as a require_once function in the pages where there is a form to post.

sql injection is always done via code execution script that's using _GET. The problem always get solved if not everyone but your members can only access those sql codes.

If you run (if {iMEMBER}) prior to code execution, then the suspect should be within your user community.

I would track them down by building a record function in a separate script and log it inside a separate sql database, and request that script in every page where there is a POST input available to scan my users from misbehavior.

Since version 7 has a multisite include, then it's easy to link to that separate db, and view activity of every user_id. However, thats only limited to how many times people post or get things. But still, you at least know what they posted.

SQL table supposed:
LOG_ID , USER_ID, PAGE_ID, INPUT_ARRAY, WHAT_WAS_POSTED_ARRAY

This way you can trace to every single detail.. although privacy is another issue all together. haha.
Thread Information
Author
Replies
11 posts
Views
7704 times
Last Post
Last updated on 9 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Craig, Wanabo, Chan, PolarFox, TheDarkAce, M0rdak