Results 1 to 20 of 20

Thread: Hacked again !!!!

  1. #1
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153

    Hacked again !!!!

    I really dont get it..

    Thats every script updated to most recent versions. Every password changed.. Every hole closed..

    And again it gets hacked ??

  2. #2
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Of course as all I have done is restore a pre hacked backup, which they managed to hack, I have to assume they will be able to hack it again..

    Its back to this nonsense again !!

  3. #3
    Senior Member
    Join Date
    May 2013
    Posts
    687
    Was Myanmar lot again ? didnt see their signature page ?!?

  4. #4
    Senior Member NeedHoliday's Avatar
    Join Date
    Apr 2013
    Location
    Melbourne
    Posts
    1,105
    Didn't see anything either, what was the attack like this time?

  5. #5
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    yes.. myanmar lot again..

    every script up to date.. everything reset from before..

    Its a mystery how they gain access to inject this.. I am finding backdoor index.php files all over the root of the webspace, not only the public HTML sections but up in the .cpanel etc directories.

    Asking webhost to reset it to as new.. so may cause outages.

    At least I have a fast backup / restore system.

  6. #6
    Senior Member NeedHoliday's Avatar
    Join Date
    Apr 2013
    Location
    Melbourne
    Posts
    1,105
    You sure its not some other site being hacked on the shared host that's allow them access to your files?

  7. #7
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    This has been raised with the host support who claim not..

    I have no way to verify that.. They even sort of said, that due to there being backdoor files spread up a level from the public_html folder they have to have accessed via my compromised password.. I rate that as highly unlikely, its a fresh, complex, unused elsewhere pass and freshly changed after every hack (so much so its hard to keep track of sometimes).

  8. #8
    Senior Member
    Join Date
    May 2013
    Posts
    687
    Just found this might be worth a read...

    Hackers News Bulletin | Latest Cyber Security News Portal

  9. #9
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    I believe that was the announcement that left the hole last time.. Was patched pretty fast but I was slow to update.

    But everything is updated and patched currently to most recent versions.

  10. #10
    Senior Member soupdragon's Avatar
    Join Date
    Mar 2013
    Location
    Bang Tao
    Posts
    2,367
    No idea if it is related but got this line of script at the very top of the page when I viewed my notifications page. Never seen that before.

    Warning: Declaration of vB_ProfileBlock_vBSEOLikes::block_is_enabled() should be compatible with that of vB_ProfileBlock::block_is_enabled() in ..../vbseo/includes/functions_vbseo_ui_profile.php on line 52

  11. #11
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Thanks.. Thats the errors I suppressed but must have done it after I backed up..

    I will fix this afternoon, and then update my backup files. I am just out the door now.

  12. #12
    Senior Member NeedHoliday's Avatar
    Join Date
    Apr 2013
    Location
    Melbourne
    Posts
    1,105
    Ah hacked now I see - but only some files, as new posts and viewing topics is fine, but the forum root shows the hack.

  13. #13
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Quote Originally Posted by NeedHoliday View Post
    Ah hacked now I see - but only some files, as new posts and viewing topics is fine, but the forum root shows the hack.
    Then that's happened since I left the house as it was cleaned before going out.

    I am on tapatalk so don't see it.

  14. #14
    Senior Member soupdragon's Avatar
    Join Date
    Mar 2013
    Location
    Bang Tao
    Posts
    2,367
    Yeh that has happened just now. Forum root now showing........
    Attached Images Attached Images

  15. #15
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Yeah I checked in a browser

  16. #16
    Senior Member
    Join Date
    Apr 2013
    Posts
    373
    hacked now, I just tried to open the site in a new window, hacked.

    although i seem to be able to use it 'normally' from a different browser that had a window opened on this site.

  17. #17
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    what they did was hack only the front page.. All the sites SEO static links would have worked and tapatalk worked..

  18. #18
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Its 99% sure its going to happen again as whatever backdoor they are using for injection isnt closed.

  19. #19
    Super Moderator LivinLOS's Avatar
    Join Date
    Mar 2013
    Posts
    14,153
    Fairly hopeful that with Andys expert assistance that at least the primary hole is now closed.

  20. #20
    Senior Member
    Join Date
    Jun 2013
    Location
    New Zealand
    Posts
    902
    Must be annoying, causes a lot of work for you
    Pretty pointless too, a bit like graffiti that no one really sees.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •