Solved: 13 Years, 3 Weeks ago My forum is getting hacked.
#1
Hello,

My forum is getting hacked. Someone is able to access my server files and is injecting a file called index.shtml so that my home page is getting defaced. I am removing that file from the server but still those hackers are able to access my server. I am even changing my server and admin CP passwords every time but still they are able to inject that file. I have upgraded from 1.6.4 to 1.6.6 but still it gets hacked.

My forum URL is www.worldforstudents.in

Here is the screenshot [Image: 3433642735.jpg]

Please let me know what I have to do to prevent this.
#2
List of plugins you're running?
Have you scanned your computer for malicious programs?
#3
(2011-12-25, 04:59 AM)Richard Wrote: List of plugins you're running?
Have you scanned your computer for malicious programs?

Currently no plugins running.
Here is a screenshot of the plugins which I used to run before my forum got hacked. But now I have disabled them all.
[Image: 7040869703.png]
Yes, I did scan. No malicious programs found.
#4
Appears to be not infected at present. However, run the file verification tool from the Tools & Maintenance section of the admin panel to check for any changed files. Also check the server logs for any malicious activity. Contact your web host and ask them to check for any malicious scripts.
#5
Your site has been recovered. Make sure your passwords for AdminCP and Cpanel are strong enough to break.
#6
(2011-12-25, 05:24 AM)ranjani Wrote: Appears to be not infected at present. However, run the file verification tool from the Tools & Maintenance section of the admin panel to check for any changed files. Also check the server logs for any malicious activity. Contact your web host and ask them to check for any malicious scripts.

I did verify and removed the files he uploaded to my server, and changed all the passwords. But still it's getting hacked.

(2011-12-25, 05:28 AM)Yaldaram Wrote: Your site has been recovered. Make sure your passwords for AdminCP and Cpanel are strong enough to break.

Yes, it got recovered because I removed the files which he injected, but after some time it will get hacked again. This has been happening to me for the last 7 days. I remove the injected files and again after some time he will inject the same again...
#7
It might have nothing to do with your hosting account. If the hacker has rooted the server, or has a shell uploaded on another account then it's up to the host to sort out. They're the best people to contact in this situation. The server logs will provide detailed information about why your forum keeps being defaced.
No longer involved in the MyBB project.
#8
Make sure your passwords are strong as I suggested earlier. If he is injecting again and again then he is probably breaking the passwords.
#9
(2011-12-25, 05:49 AM)Yaldaram Wrote: Make sure your passwords are strong as I suggested earlier. If he is injecting again and again then he is probably breaking the passwords.

Yes, I do use strong passwords and change them every time after recovering my site.
#10
This user has been denied support.
Hmm, you are shelled, lol. Kids these days find your shared server, find one weak, potentially vulnerable site, exploit it, upload a shell, and root the server. Some of them specially buy a hosting account on your host's server and do this.

Something similar was happening to me on both shared servers, both got rooted, I finally thought it enough and moved to a VPS.

If there is even one shell left in your account, they'd hack again and again. If you do not have many plugins or extra files, delete every file and re-upload them manually, otherwise it'd be very hard to search for a shell.

And also ask your host about this.
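
The checks suggested in posts #4 and #10 (find changed files, find leftover uploaded files) amount to comparing the live web root against a known-clean copy of the release. The script below is an added example, not part of any post in this thread and not MyBB's own file verification tool; the function names, the `site_local` parameter and the sample tree in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large attachments do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(clean_root):
    """Map relative path -> SHA-256 for every file in a pristine copy."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, manifest, site_local=()):
    """Compare the live web root with the manifest of the clean release.

    site_local lists paths that legitimately differ per site (assumption:
    the caller knows them, e.g. a generated config file).
    """
    live = build_manifest(live_root)
    skip = set(site_local)
    return {
        "unexpected": sorted(p for p in live if p not in manifest and p not in skip),
        "modified": sorted(p for p in live if p in manifest
                           and live[p] != manifest[p] and p not in skip),
        "missing": sorted(p for p in manifest if p not in live),
    }

def demo():
    """Constructed sample: a tiny 'release' tree and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php // release index\n")
            (root / "inc" / "functions.php").write_text("<?php // release code\n")
        (live / "inc" / "config.php").write_text("<?php // site settings\n")
        (live / "index.shtml").write_text("defaced\n")  # dropped file
        (live / "inc" / "functions.php").write_text("<?php // altered\n")
        return audit(live, build_manifest(clean), site_local=["inc/config.php"])

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Build the manifest from a freshly downloaded release of the same version that is installed, not from a backup of the affected account, since a backup may already contain the uploaded files.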