We got hacked. I was locked out of admin, and now I even seem to be locked out by my domain. I've been getting this error:
--------------------------------------------------
mySQL error: 1045
Access denied for user '...'@... (using password: YES)
Query:
--------------------------------------------------
but I don't know if this has anything to do with it.
I have read some threads on this board about it, and dare say I'm not confident about being able to carry out some of the suggestions. Or even that I understand them, as I'm not too literate in computer programming. But I will have a go.
I've downloaded PR2, which I will upgrade to as soon as I know how safe it now is to go back to using the board.
But
1) How confident can I be that we will be protected from this intrusion?
2) And how about this 'injection' thing, and about knowing what 'infection' is left on the db?
3) Is there a 'for dummies' way to effect these protections?
BACKGROUND/FURTHER INFO:
The first hints of hacking were these messages on 14th and 15th August, which, not knowing any better, I sent to my ISP, who were no help:
-------------------------------------------------
(14 aug)
A user has tried to access the Administration Control Panel for .... They were unable to succeed in doing so.
Below are the login details:
Username: \' or 1=1 /*
Password: (MD5: d41d8cd98f00b204e9800998ecf8427e)
IP Address: 81.214.122.174
Hostname: 81.214.122.174
(and 15th Aug )
....
Username: \' or 1=1 /*
Password: (MD5: d41d8cd98f00b204e9800998ecf8427e)
IP Address: 81.192.143.174
Hostname: adsl-174-143-192-81.adsl2.iam.net.ma
--------------------------------------------------
More recently (two days ago) I found myself locked out! And all other admin accounts were deleted. At first I could go on and see the board, but then it was as if I was banned, and now I get the SQL error 1045 as quoted above.
Through the sql db I have found this user//email: (which is now deleted)
Avt_Phenix //
[email protected]
and through DNSStuff I got this info (though I don't know how useful it is):
domain: XAKER.RU
type: CORPORATE
nserver: ns1.nextmail.ru.
nserver: ns2.nextmail.ru.
state: REGISTERED, DELEGATED
person: Egor B Polusmak
phone: +7 095 5063196
fax-no: +7 095 5063196
e-mail: ******@mail.ru
registrar: RUCENTER-REG-RIPN
created: 2000.06.30
paid-till: 2006.07.03
source: TC-RIPN
There are loads of changes in the admin logs that I don't understand, but if they might be useful I would send them to someone.
Grateful for useful responses
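An added worked example, written for this thread and not taken from the original post or from phpBB's code, to show what the logged username "' or 1=1 /*" is trying to do and how a login check is written so that it cannot do it. The table name, column names, sample accounts and the detection regex are all assumptions made up for the demo; the in-memory SQLite database stands in for the board's MySQL one. Two observations the example builds on: the password hash in both notifications, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of the empty string, so the attacker submitted no password at all; and the leading backslash in the logged username is consistent with the quote having been escaped before it was stored, which is one reason the attempt could be reported as unsuccessful.

```python
import hashlib
import re
import sqlite3

# MD5 of the empty string: the hash shown in both notification messages.
EMPTY_PASSWORD_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def make_db():
    """Constructed sample data: a tiny stand-in for the board's user table.

    Table and column names are assumptions for this demo, not phpBB's schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password_md5 TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", hashlib.md5(b"correct horse").hexdigest(), 1),
            ("alice", hashlib.md5(b"hunter2").hexdigest(), 0),
        ],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string concatenation, the bug the payload targets.

    With username "' or 1=1 /*" the statement becomes
        ... WHERE username = '' or 1=1 /*' AND password_md5 = '...'
    The "/*" comments out the password check, "1=1" matches every row,
    and the first user in the table (here the admin) is returned.
    """
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    sql = (
        "SELECT username, is_admin FROM users WHERE username = '"
        + username
        + "' AND password_md5 = '"
        + pw_hash
        + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password_md5 = ?"
    return conn.execute(sql, (username, pw_hash)).fetchone()


# Assumed patterns typical of login-bypass payloads: a quote (possibly
# escaped) followed by OR and a comparison, or a comment opener used to
# truncate the rest of the query.
INJECTION_RE = re.compile(r"""(?ix)
    ['"\\]\s*or\s+\S+\s*=\s*\S+   # ' or 1=1
  | /\*                          # C-style comment opener
  | --                           # SQL line comment
""")


def flag_login_attempt(username, password_md5):
    """Return the reasons a logged admin-login attempt looks hostile."""
    reasons = []
    if INJECTION_RE.search(username):
        reasons.append("username contains SQL injection payload")
    if password_md5.lower() == EMPTY_PASSWORD_MD5:
        reasons.append("password was empty")
    return reasons


# Constructed log entries modelled on the two notifications quoted above,
# plus one ordinary attempt that should not be flagged.
SAMPLE_ATTEMPTS = [
    ("\\' or 1=1 /*", "d41d8cd98f00b204e9800998ecf8427e", "81.214.122.174"),
    ("\\' or 1=1 /*", "d41d8cd98f00b204e9800998ecf8427e", "81.192.143.174"),
    ("editor", hashlib.md5(b"letmein").hexdigest(), "192.0.2.10"),
]


def triage(attempts=SAMPLE_ATTEMPTS):
    """Map each source IP to the reasons its attempt was flagged."""
    flagged = {}
    for username, pw_hash, ip in attempts:
        reasons = flag_login_attempt(username, pw_hash)
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 /*"
    print("vulnerable:", login_vulnerable(db, payload, ""))  # ('admin', 1)
    print("safe:      ", login_safe(db, payload, ""))        # None
    for ip, why in triage().items():
        print(ip, "->", "; ".join(why))
```

Running the script shows the concatenated query handing the admin row to an empty password, while the parameterised version returns nothing for the same input; the triage step flags both logged attempts on two independent grounds (payload in the username, empty password). The fix to carry over to any real board code is the second function: never splice user input into the SQL string, bind it as a parameter.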