How to report a hacker - Keeps hacking my site/forum and won't go away

I ram a large 40K+ forum for ablout a year, here are a few tips to keep your forum safe.

- DO NOT USE ANY PLUGINS

Plugins always have exploits. They let hackers in.

- Have the latest verion, do not use a nulled or (hacked) forum script.

 

Did you make any modifications to the board?

 

I couldnt agree more with Darondavis. With the advent of movies like Diehard 4.0 true hackers are untouchable!!

rojar is also right!!! If you are talking about the Jason Burks v00d00, why would he hack something like myspace? I've heard that he does stuff 4 NASA. Doubt he would lower to the level of breaking into accounts for kicks. He has a blog just google him!!!

 

I agree with LevaCygnet - take access away from everyone except yourself and see if this solves the problem. Doubt an outside guy would keep spending so much time hacking your forum...

 

Ouch, I hope all this gets worked out for you.

 

with up to date patches on your s/w it sounds like one of your admins may be compromised.
check your logs for when they logged in etc and confirm with the user that that was them at the time.

Or it could be a shared server issues with someone getting access to permissions no inteneded. Talk to your hosting co.

 

Same thing kept happening to my forum. I eventually took everyones privileges away usually its the person you would never suspect and a inside job.

 

I would suggest paying someone that knows what they are doing to find out how is getting in, patch it and ./resolved!

 

There are 5 attack vectors here.

- Web application (in this case ipb software)
- server ( apache?)
- system (linux?)
- administrators machines
- social engineering.

In your case i do not think it is the web application being attacked, unless ofcourse you have 3rd party plugins or old versions of ipb, it is most likely either your site is hosted on a vulnerable server/system and they have been able to gain root on your server by popping a shell on another site (and probably gaining root via a kernel exploit) and are symlinking your files. Another vector is that one or more of your administrator users have been compromised by malware in which case i would restrict all priveledges to admin users except yourself and see if anything changes.

If you would like i can conduct a free penertration test, dont worry im a ethical hacker and have worked on finding exploits and suggesting fixes with multiple software vendors such as ecommerce vendors, forum software vendors etc etc so you can trust me, then write a report on my findings and a suggested fix in return for some detailed feedback on my service thread (after i can post in that section ).

Regards

- slack3r

 

This is good advice