3.8.6 hacked!

  • 3.8.6 hacked!

    Hi, I upgraded to 3.8.6 2 days ago and upgraded to 3.8.6 Patch Level 1, but got hacked today.
    All categories, threads, etc. were deleted, and when I checked the transaction and Transaction Statistics pages I saw a different page (title is: !C99madShell v. 2.0 madnet edition!). It's a PHP shell script, I think.

    What should I do?

  • #2
    After updating to 3.8.6 PL1 did you change your database login info? It's possible (probable even) they got your info yesterday but didn't hack until today.

    • #3
      No, I didn't. How did they get my information? So I will install a backup, but they can hack again. What is your suggestion?

      • #4
        If they got your info on 3.8.6, and you patch it, they STILL have your details.
        So if you didn't change it: That's how.

        • #5
          They got your info by using the well-publicized exploit for 3.8.6 that was the cause of the urgent Patch Level 1 update. All they had to do was search your FAQ for a specific word and all your database info from your config.php file was given to them; it was a major exploit. They probably copied it down and used it after you updated. The update instructions really should tell you to change your mysql password, and if possible, username too.

          My suggestion is right now create a new mysql username and password and delete your old one, and update your config.php file with the new info.

          • #6
            Originally posted by BirdOPrey5:
            "The update instructions really should tell you to change your mysql password, and if possible, username too."

            In the past I could not figure out how to edit/change the database's user name. I did successfully create a new user with a new password, then deleted the original database user name.

            • #7
              That's fine... I'm not sure you can technically 'change' a username anyway, I just meant make a new one and delete the old.

              • #8
                I understand, thank you floris. OK BirdOPrey5, I'm doing it right now, thanks a lot.

                • #9
                  Check your init_startup plugins. I believe you'll find a plugin added there which substitutes the exploit when a user accesses a particular URL.

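The cleanup suggested in posts #5 and #9, written out as MySQL statements. This is an added example, not part of the original thread and not vBulletin's own tooling; the database name `forum_db`, the account names, the privilege list, the absence of a table prefix, and the `plugin` table columns (taken to match a stock vBulletin 3.x schema) are assumptions to check against your install.

```sql
-- Assumed names (not from the thread): database forum_db, exposed account
-- 'forum_old'@'localhost', replacement account 'forum_new'@'localhost'.

-- 1. Replace the database account whose credentials were in config.php.
CREATE USER 'forum_new'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- Grant only what the forum needs on its own database (assumed list;
-- trim it further if your install works with less).
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP,
      CREATE TEMPORARY TABLES, LOCK TABLES
  ON `forum_db`.* TO 'forum_new'@'localhost';
SHOW GRANTS FOR 'forum_new'@'localhost';

-- Put the new user and password into config.php, confirm the forum
-- loads, and only then remove the exposed account.
DROP USER 'forum_old'@'localhost';

-- Look for any other account that was added while the old
-- credentials were usable.
SELECT User, Host FROM mysql.user ORDER BY User, Host;

-- 2. Audit plugins, starting with the hook named in post #9.
USE forum_db;

SELECT pluginid, title, hookname, product, active,
       LENGTH(phpcode) AS code_bytes
FROM plugin
WHERE hookname = 'init_startup'
ORDER BY pluginid;

-- Active plugins on any hook whose code uses constructs that are
-- common in PHP web shells, or names the shell seen in post #1.
-- Legitimate add-ons can match too, so read each hit before acting.
SELECT pluginid, title, hookname, product,
       LEFT(phpcode, 200) AS code_start
FROM plugin
WHERE active = 1
  AND (   phpcode LIKE '%eval(%'
       OR phpcode LIKE '%base64_decode%'
       OR phpcode LIKE '%gzinflate%'
       OR phpcode LIKE '%c99%')
ORDER BY hookname, pluginid;
```

Restoring a backup taken after the credentials were exposed can bring a planted plugin back, so run the plugin queries again after any restore.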


                  • #10
                    Wouldn't it make sense if some of these security patches automatically downloaded themselves instead of waiting for administrators to log on and upgrade?

                    For many forum webmasters you can't just drop everything and upgrade the minute you see an update. There are so many of them they become a blur.

                    I know of two other forums as well as my own that were destroyed by this.
