Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Admin Pass Problem

I have a real problem folks ! My main site is being hacked. I was successful in changing my main password. But then I deleted the admin pass in the DB. When prompted that admin pass was not set I proceeded to try to set a new one. Even though it did not ask for current admin pass when I click update profile it tells me that current admin pass was not set. This doesn't make sense. HELP !!!
Grimloch, did you try using the old password before you set the new? Try it... nothing to lose right?
You don't understand. I deleted the admin password in the database; it's empty. Old pass would not work even if I remembered it. I use Firefox which remembers passwords for me
Do you have any info on how you where hacked yet?. It is important if the system would have an issue we need to fix.
To restore your password, copy install.php back to your root, run it and select Change Super Admin Details.

Quote

Do you have any info on how you where hacked yet?. It is important if the system would have an issue we need to fix.
To restore your password, copy install.php back to your root, run it and select Change Super Admin Details.


I really have no idea how the hacking occurred. When I discovered it I deleted ALL the files I could find that I knew were not supposed to be there which gave me my website back. If changing my passwords is NOT the fix then I am sure it will happen again. If it does I'll try to identify how it is happening. In the meantime thanks for the fix info, I appreciate it.
@Falk
I don't know how to go about tracking this culprit but here are some lines from the file I found on my server (in every domain and sub-domain) called 'nomercy.html' ... there were tons of other files that I deleted w/o downloading them first; this is all the evidence I have. Don't know if it will help with determining where this guy is or if it is a fusion flaw that allowed him in.
CodeDownload  
Top of file called 'nomercy.html'

<title>Hacked by P3TRUK</title>
<link rel="shortcut icon" href="https://i.pinimg.com/474x/d5/01/c9/d501c9e30c2e1927321375bbb8a2ce93.jpg">
<link rel="icon" type="image/gif" href="http://ekladata.com/m6xjepHNuCur59GtCFoFBTdufuw.jpg">

<img src="https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcSQUS2H7UUlA28RSYe6jqzxg-yy0rGyIXa_yHM-cm7pkOneU1s2"></img><br><br>
<font size="3" face="Courier New" color="white"><i>Pancen nak wes bosen kabeh ketok salah :)</i></font>

Google Translate

JAVANESE DETECTED
Pancen nak wes bosen kabeh ketok salah -------------------------> I really don't want to get bored of everything

We need access log from your server if you can get em.
Should I post the entire log here? It'll be quite large I'm sure.
mail to management@php-fusion.co.uk
I have sent the email with all pertinent attachments. Thanks.
Haven't heard anything back from you guys on this. I actually have some more files that I captured; actual hack files if you'd like to look at them just let me know. There's at least 2 hacker names/email addies in these files.
Reply has been sent days ago, also a PM. Please check your spam mail folders. Update to latest version.
I noticed email is (again) not comming for pm and forum notification
@Falk and douwe
I never received an email notice but I did find the PM; my fault I just forgot to check. I have done as suggested.
Thread Information
Author
Replies
14 posts
Views
288 times
Last Post
Last updated on 2 months ago
Related Threads
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, Grimloch, douwe_yntema, daimonbok1