Hello,
My forum is getting hacked. Someone is able to access my server files and injecting a file xalled index.shtml so that my home page is getting defaced. I am removing that file from server but still those hackers are able to access my server. I am even changing my server, admin cp password every time but still they are able to inject that file. I have upgraded from 1.6.4 to 1.6.6 but still it gets hacked.
my forum url is
www.worldforstudents.in
Here is the screenshot
![[Image: 3433642735.jpg]](https://camo.mybb.com/63f230887321895b3edb15f297563693acc86680/687474703a2f2f6561737963617074757265732e636f6d2f66732f75706c6f616465642f3635382f333433333634323733352e6a7067)
please let me know what I have to do to prevent this.
List of plugins you're running?
Have you scanned your computer for malicious programs?
(2011-12-25, 04:59 AM)Richard Wrote: [ -> ]List of plugins you're running?
Have you scanned your computer for malicious programs?
Currently no plugins running.
Here is a screenshot of plugins which I used to run before my forum got hacked. But now i disabled them all
![[Image: 7040869703.png]](https://camo.mybb.com/f98916bcfc285e4c37dd6356fd2d0e39989fbbaf/687474703a2f2f6561737963617074757265732e636f6d2f66732f75706c6f616465642f3635392f373034303836393730332e706e67)
Yes I did scanned.. No malicious programs found.
appears to be not infected at present . however run file verification tool from tools & maintenance
section of admin panel to check for any changed files . also check server logs for any malicious
activity . contact your web host and ask to check for any malicious scripts ..
Your site has been recovered. Make sure your passwords for AdminCP and Cpanel are strong enough to break.
(2011-12-25, 05:24 AM)ranjani Wrote: [ -> ]appears to be not infected at present . however run file verification tool from tools & maintenance
section of admin panel to check for any changed files . also check server logs for any malicious
activity . contact your web host and ask to check for any malicious scripts ..
I did verify and removed the files he uploaded to my server, changed all the passwords. But still its getting hacked.
(2011-12-25, 05:28 AM)Yaldaram Wrote: [ -> ]Your site has been recovered. Make sure your passwords for AdminCP and Cpanel are strong enough to break.
yes, it got recovered because I removed the files which he injected but after some time it will get hacked again. This is happening to me from last 7 days. I remove the injected files and again after some time he will inject the same again...
It might have nothing to do with your hosting account. If the hacker has rooted the server, or has a shell uploaded on another account then it's up to the host to sort out. They're the best people to contact in this situation. The server logs will provide detailed information about why your forum keeps being defaced.
Make sure your passwords are strong as I suggested earlier. If he is injecting again and again then he is probably breaking the passwords.
(2011-12-25, 05:49 AM)Yaldaram Wrote: [ -> ]Make sure your passwords are strong as I suggested earlier. If he is injecting again and again then he is probably breaking the passwords.
Yes I do use strong passwords and change them every time after recovering my site..
Hmm, you are shelled, lol. Kids these days finds your shared server, finds one week potentially vulnerable site, exploits them, uploads shell, and roots server. Some of them buy specially a hosting account on your host's server and does this.
Similar was happening to me on both shared servers, both got rooted, I finally thought it enough and moved to VPS.
If there is even one shell left in your account, they'd hack again and again, if you do not have much plugins or extra files, delete every file and re-upload them manually, otherwise it'd be very hard to search for a shell.
And also ask your host about this.