forum has been hacked

  • Hi

    forum has been hacked 2 times now for 2 weeks, they manage to enter and delete fil in Public_html/forum/wcf/
    when I logged onto the forum today, I see only this(thanks Oluwa) the hacker have delete original index.php fil in ]Public_html/forum and also edited/delete config.inc.php /global.php and options.php in Public_html/forum/wcf/

    Code
    thanks Oluwa

    it may be an issue in WBB or there is a 3-party pluging that makes hacker to getting in to the forum????

    Norwegian language files to (WSC 5.2 + 5.3 WSC 5.4 + 5.5 and The New 6.0 ) *no.xml* Unofficial Language Packs

  • it may be an issue in WBB


    That's very unlikely.


    there is a 3-party pluging that makes hacker to getting in to the forum


    This could be. However, it's also unlikely, if you got it from our plugin store.

    ---

    What about the possibility, that someone knows your FTP password? What FTP client are you using? Filezilla for example is known, that it saves passwords in clear text on your machine. So if your computer gets compromised, it's possible to grab all your saved FTP passwords.

  • What about the possibility, that someone knows your FTP password? What FTP client are you using? Filezilla for example is known, that it saves passwords in clear text on your machine. So if your computer gets compromised, it's possible to grab all your saved FTP passwords.

    I use Total Commander,and there are no guests can read or watch forum, only members,but we have a problem with it being up to 300 guests, from China / USA
    and forum is Norwegian with server in germany, I've now created new password to Cpanel and FTP account plus MySql-database

    Norwegian language files to (WSC 5.2 + 5.3 WSC 5.4 + 5.5 and The New 6.0 ) *no.xml* Unofficial Language Packs

  • this we have installed in forum,and we are on a VPS server, where it is 4 pieces forum, and it is only this forum being hacked.
    Can you see if there are any of these pluging that can create access for hacker
    Thanks

    Display Spoiler


    WoltLab Community Framework 2.1.11 pl 1
    User Conversation System 2.1.6
    User Infraction System 2.1.2
    WoltLab Burning Board 4.1.11
    Moderated User Groups 2.1.4
    Legal Notice Page 2.1.1
    Importer 2.1.10
    WoltLab Calendar 2.1.3
    Calendar Event Threads 2.1.3
    WoltLab Gallery 2.1.3
    Aqua White 4.1 2.0.0
    Last X Posts 1.0.10 pl 3
    Linkliste 2.0.2 pl 1
    Portal 1.0.0 pl 1
    Portalbox 'Bests Posts' 1.0.0
    Portalbox 'Boardstructure' 1.0.0
    Portalbox 'Latest Posts' 1.0.0
    Portalbox 'Most active Threads' 1.0.0
    Portalbox 'Poll' 1.0.0 pl 1
    Portalbox 'TagCloud-WBB' 1.0.0
    Portalbox 'News' 1.0.0 pl 1
    Portalbox 'Unread Posts' 1.0.0
    Portalbox 'Control-Center' 1.0.0 pl 1
    Portalbox 'Friends' 1.0.0
    Portalbox 'Birthdays' 1.0.0
    UserGroup2MultiSelectOptionType 1.0.0
    Portalbox 'Most active members' 1.0.0
    Portalbox 'Nuevos Miembros' 1.0.0
    RecentActivity2MultiSelectOptionType 1.0.0 pl 4
    Portalbox 'Recent Activities' 1.0.0
    Portalbox 'Team' 1.0.1
    Visits & Clicks 1.0.0
    Portalbox 'Visits & Clicks' 1.0.0
    Portalbox 'Who ist online?' 1.0.1
    Who was online? (baseplugin) 1.0.0
    Portalbox 'Who was online?' 1.0.0
    EasyPoll 1.0.20
    Easyslider 2.4.7 pl 1
    Replace URL By Name 1.0.1 pl 2
    Signer 1.0.0
    ImageProxy 1.1.1
    Social Messenger Buttons 1.0.1
    Donations 1.0.19
    Template modifier "convertIP" 1.0.0 pl 1
    IP Tools 1.3.0
    IP Tools (WBB) 1.0.0 pl 2
    IP Tools (Cloudflare) 1.1.0 pl 3
    IP Tools (OVH CDN) 1.1.0 pl 2
    IP Tools (Rangeban) 1.0.0 pl 1
    Usermenu: ACP Link 1.0.1
    Benutzer online Markierung Erweiterung 1.3.1 pl 3
    Mark as read (extended) 1.1.0 pl 3
    Modern Shoutbox 1.1.7 pl 3
    Modern Shoutbox WBB4 1.0.2 pl 2
    Portalbox 'Modern Shoutbox' 1.0.0
    Modern Shoutbox Archive 1.0.2 pl 1
    Modern Shoutbox Smilies 1.0.2
    Daily Visitors 1.1.0 pl 1
    Daily Visitors - Burning Board 1.1.0
    Animated Notification Icon 1.0.0 pl 3
    Favicons 1.0.0
    Forum Online Time 1.0.1 pl 1
    Country flags 1.1.3
    MediaElement.js Integration 1.2.0
    MediaProvider PIP 1.0.2
    Third-Party Newsfeeds 1.1.1
    PayPal donation button 1.0.2
    last post scores box 1.0.1
    Language switch in user menu 1.0.1
    Sprachpaket Stile 1.0.11
    Focus 2.1.0
    ThreadSmallButtons 1.0.0 RC 2
    HyperTex 402 1.0.0
    Remember style 1.0.1
    jCounter 1.0.1
    Push 1.1.1
    nodePush 1.1.0
    Tim’s Chat 3.0.6
    Portalbox 'Tims Chat' 1.0.0
    Animated conversation icon 1.0.0
    Moderation of user for posts 1.0.1 pl 1
    MediaProvider Collection 1.0.8
    Members List Table 1.0.3
    Members List Table - Burning Board 1.0.2
    Members List Table - WoltLab Calendar 1.0.0
    Members List Table - WoltLab Community Gallery 1.0.0
    Soundbenachrichtigung bei einer neuen Konversation 1.0.0
    Additional buttons "Reply" and "Start conversation" in posts 1.0.0
    Registrierungs/Anmeldebutton in Foren und Themen 1.0.0
    Online List - Tims Chat 1.0.1
    Advent Calendar 1.0.0
    Tapatalk 1.3.8
    UZ Top Poster Month 1.0.1
    Mediaprovider: Google Play (via SoftCreatR Media) 1.1.0
    Mediaprovider: Twitter (via SoftCreatR Media) 1.0.0
    Redactor - Button 1.0.3
    Themen ignorieren 1.0.1
    Thread Sidebar 1.0.1
    Lucent 1.0.3
    Redactor - Countdown 1.0.2
    BBCode Map 1.0.0 RC 2

    Norwegian language files to (WSC 5.2 + 5.3 WSC 5.4 + 5.5 and The New 6.0 ) *no.xml* Unofficial Language Packs

  • What all do you use on VPS ? cPanel should be safe. But if you have some scripts that add 777 to your folders, that could be an issue. Your logs are the best place to start the investigation.

    Smile , it's good for health

  • INFO

    They have once again tried and hacking forum,last time I managed to stop them,and I found these files into EasySlider?? (spam.zip) 3 index files.

    and about 50 e-mails from the server with this info.

    Code
    Subject: Fx29Shell http://www.xxxxxxxxx.com/wbb4/wcf/easyslider/images/fancybox/thanks.php?x=img&img=download by 61.6.84.178
    Boss, there was an injected target on www.xxxxxx.com/wbb4/wcf/easyslider/images/fancybox/thanks.php?x=img&img=arrow_ltr by 61.6.84.178

    there is only one ftp account and it is only I who know the password to ftp / cpanel and forum admin,So how do they manage to hack forum I do not know but I've done about all passwords and deleted the EasySlider.

    Files

    Norwegian language files to (WSC 5.2 + 5.3 WSC 5.4 + 5.5 and The New 6.0 ) *no.xml* Unofficial Language Packs

    Edited once, last by tunhj1 (October 11, 2016 at 9:35 PM).

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!