One of my forums got hacked today I looked to see where the hacker exploited my script ( SMF ) and nothing found The database seems intact , same does index.php ... Any ideas ?
Do you have exact date of the exploitation? Ask your host to provide you the FTP logs of your website. From the log, you will be able to know the IP address of the exploiter and the FTP user used. First of all, change the passwords of your control panel and FTP accounts. Use strong password. Upgrade your SMF to the latest version available today.
Has anything been altered on the website itself? The problem is that the person could have installed a really small script or a rootkit, or some other malicious software. The only responsible answer is to wipe the whole server, start over, and go through all of the pages line-by-line making sure that there is no malicious code. You can also look at your logs to see what was altered, but it's usually impossible to do this accurately enough to completely rule out any bad behavior.
LOOL , now all my sites are hacked . WTF !?!? How this hacker managed to hack all my sites ( wordpress, smf, pixelpost, e107 ... ) OMG , I will kill him !
Have you got all of this on the same host? If so, your host must have been rooted. Maybe he shelled (c99) your host, that might have been how he was able to hack all your sites.
Usually they hack by inserting a post with some redirection code (WP,SMF) or editing a post so I suggest checking your posts...
all sites in php + sql were hacked . Only html were left alone ( don't know why ) . And at one site I found a .htaccess file. Solution ? Deleted all files , got a backup from my server administrator and replaced files . Also changed cpanel and ftp password . Who hacked me ? Some hackers from Turkey ( RaZoR hacked the most of them and another guy , forgot his name ) . They left an address ( cybersabotage.net , but since I don't know Turkey language ... useless )
Any chance you're at Comcast? They were recently DNS-hacked - LOTS of names/passwords stolen as people signed into the phoney site. Most recently hit PhotoBucket, too. Try signing into your own site and see if it looks to be up. See ZDNet for latest details; don't seem tohave the URL handy. Luck!
Try to make an indepentent vulnarable code on your SMF part. It could be helpful to prevent in any same future situation
No I am not at Comcast . @suraja : don't know that much smf ... I don't know how they succeded to hack my sites... for now all is OK , but I hope they won't hack me again.