No announcement yet.

Forum Hacked - Yet again.

  • Filter
  • Time
  • Show
Clear All
new posts

  • RustyF
    Is anyone with Admin access using Yahoo or other non-secured email address for their admin account?

    On another board, I had this happening to me. I finally figured out that my friend with admin rights was sending her request for lost password on her gmail account to yahoo. Yahoo is easily hacked. I've seen it over and over again. I believe Hotmail is too. Use gmail as the login is encrypted.

    You may also need a site certificate to encrypt your login. When a site, any site is not secure it is possible to grab a password at login. They use a port sniffer (that's not the right term but close enough). If you can't delete those files and folders they are creating they have your FTP password too. You must use secure FTP or do not use FTP with Admin rights. You need a host that provides SSH. You don't have to use SSH but Filezilla and other FTP clients use SSH. If you login with standard FTP, you're giving up your password. I've had that done to me too. I stopped it by not using my admin account for FTP. I setup another user.

    You may know all of this but if not, it well help. Never ever send a password to yahoo or hotmail. Only Gmail and you'll be safe, I think. I've never had a gmail account hacked. Hope I'm not inviting it now. No need to prove it hackers, I know you can. haha You can even setup your gmail account so that it will not send password resets unless you first give them a code that will be sent to your mobile phone.

    Even logging into you admin panel give someone a chance to grap your password, I think. I believe the only way to prevent this is via https. I don't think that happens very often. It must be difficult. I hope someone will make that clear.

    Good luck with it!

    Leave a comment:

  • adambloch
    Hi Simon

    I know how you feel we got hacked loads last year and it became a real nightmare... You need to do a few things to help yourself.

    The first thing I would recommend would be to lock your admin via .htaccsses to your static IP... If you don't have a static get one..

    Second if you have a good hosting company they should be helpping you out... talk to them and see if the can have a look at the logs or see if the can find any base64 code hiding. If you aren't hosted with a company who can help or will help find one that does. We tried loads before we found a really good on (Nimbus hosting) who will go that extra mile when it all goes wrong.

    Third delete all the files and folders that you don't really use. There are always loads of files that hang around on these sites after upgrades and addons that aren't used any more.

    I hope these haven't be teaching you to suck eggs but I know how it feels to see years of work getting trashed by someone trying to sell Viagra...

    Many thanks and best of luck


    Leave a comment:

  • josiah
    It's all about access.........passwords !

    Leave a comment:

  • simon157
    started a topic [Forum] Forum Hacked - Yet again.

    Forum Hacked - Yet again.

    Dear all,

    I really hope someone can help. I seem to be having real problems with my forum being hacked and placing redirects to a Canadian Viagra site. It's such a problem I'm considering closing my site down after 12 years. I've also noticed that within my includes folder there and thousands of files which must get posted there on a redirect. I'm running the latest forum version but I just can't solve this. Can some please help and advise me as I'm at my wits end with this. I can't understand why people want to wreck other peoples hard work.


widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.