Well change every single password again, make sure Avast is up to date and do a deep scan. Download Malwarebytes and use that as well.
and do you really think that will aolve this? this guy will continue to hack as as we restore the threads he is deleting.
Yes, if he can't access any administrative resources he won't be able to do anything to your board...
but changing a password for the third time in 2 days surely wont fix this?
everytime i change my password and scan the computer he gains access a few hours later. something more complicated is going on.
It's through your admin account only, correct?
hmm yes i think so. he's done it through two admin accounts, my account today, and my other admin yesterday who is now just a registered user until i figure out whats going on.
so he somehow got in through me today
any other advice?
When you change passwords, you need to change the passwords to ALL points of access. This includes your admincp, phpmyadmin, cpanel, ssh (if you have access), mysql (for all users that have access to your db), ftp.
Second you need to do an audit of your files to see if the hacker planted any files that shouldn't be there that they may be using to gain backdoor access. Also do an audit of your users to make sure there isn't a user who has admin permissions (secondary group admin)
Do an audit of your server access logs. Since you have the ip address and the time of the intrusion its easier to find it in the logs. Track what they did before getting to the admincp. Did they access another file on the server (possible backdoor), did they try a number of passwords before they got in or did they get in on the first try (meaning they knew the password and didn't have to guess)
Lastly, for the time being to add a security level, change your admin directory name, and add a directory authentication to it with a strong password!
Also for now, instead of entering your password, save it in a text file and copy paste it whenever you need to use it. This will reduce the chance of a keylogger (in case you're infected by one) getting the password since most key loggers don't track the clipboard.
Can you confirm you're using 1.6.1?
