2013-01-03, 09:20 AM
I can see the logged Admin activity of the hacker while they were in the system. I managed to login and ban them right in the middle of them clicking delete on user accounts.
Anyway, in the logs you can clearly see a "shell" of some kind was uploaded as an attachment. I'd like to know where this went and how I can make sure to get rid of it.
Next, I'd like to know how to completely eliminate the uploading of attachments. I run a forum that in no way, ever, is going to have a need for users or myself to upload attachments. I realize it won't be a 100% fix to a future attack but I just have no reason to even keep attachments as an option.
I'm pretty good with going in and finding/modifying code so please let me know what to remove, etc...
Also, is there a way to track who was behind the hack? I'm told by some that they might have needed to buy space on the same server as me? How can I look further into this and what are the steps to take if I would like like to trace this hack attempt back to the source? I'd like to be able to trace steps and figure out what exact method was used, so that something can be done to make sure it won't repeat.
Anyway, in the logs you can clearly see a "shell" of some kind was uploaded as an attachment. I'd like to know where this went and how I can make sure to get rid of it.
Next, I'd like to know how to completely eliminate the uploading of attachments. I run a forum that in no way, ever, is going to have a need for users or myself to upload attachments. I realize it won't be a 100% fix to a future attack but I just have no reason to even keep attachments as an option.
I'm pretty good with going in and finding/modifying code so please let me know what to remove, etc...
Also, is there a way to track who was behind the hack? I'm told by some that they might have needed to buy space on the same server as me? How can I look further into this and what are the steps to take if I would like like to trace this hack attempt back to the source? I'd like to be able to trace steps and figure out what exact method was used, so that something can be done to make sure it won't repeat.