My forum got hacked, but all they seemed to do was replace the config.php. Where should I look for anything else to make sure everything is ok? They were the Turkish hackers.
They target forums for the mass amount of email addresses that are in the database to spam and sell on; they will get $0.50 - $5 per email address on the black market. I dunno why they changed your config.php? May I ask what part they changed or added?
The best thing would be to re-upload all the files, change your db password and ask admin/mods/staff and all members to change their passwords... If you are on a dedicated server, then an OS reload might be a good thing to do... just to be sure there aren't any high risk files uploaded.
Thanks, I will have to do that. I can't see anything else changed, but I could be wrong so I will re-upload everything.
Change your password for everything: email, forum, cPanel and other things. What forum software are you on? You should re-upload everything back, and then update to the latest version of the forum software.
Also, when you reupload everything... don't just reupload it over the current files... delete the directory first. If they uploaded a malicious file (rather than altering an existing one), a simple upload of backup files won't erase that malicious file.
And delete the directories as well. I believe vBulletin is the only one that uses a config file. What directory was it in? Go through all your files.
Do a fresh install and make sure you don't have unrequired permissions on certain files. Permissions are always an issue. Change each password; same applies for your FTP account and webhost control panel. @ForgottenCreature, there are far more BB systems that use config.php; in order for a script to work they must include some kind of MySQL, usually found on a config.php file. It's located under the /includes/ folder on vB, not sure about the others though. Meti
No, everything is NOT okay. The fact that they accessed your config file is the whole problem. Protect it! Are you able to set permissions on that file? Password protect it somehow.
I was thinking around the same thing when I saw there was a reply here. Chmod all your folders 0755 and php files 0644; you can probably chmod config.php 0600 and it'll be ok. Should be anyway.
At least 95% of the successful hacks I've dealt with are because the owner/developer did not set appropriate permissions.
Don't listen to this guy. 0700 makes it unviewable in a browser. You don't know what you're talking about. Keep your bad advice to yourself.
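An added example, not part of any post in this thread: a Python sketch of the check the replies describe, comparing the live forum directory against a freshly unpacked copy of the same release to list uploaded files, altered files, and anything looser than the 0755 / 0644 / 0600 modes suggested above. The function names and the `live_root` / `clean_root` arguments are assumptions made for illustration.

```python
import hashlib
import os
import stat

# Modes suggested in the thread: folders 0755, PHP files 0644, config.php 0600.
DIR_MAX, FILE_MAX, CONFIG_MAX = 0o755, 0o644, 0o600


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root):
    """Yield (relative_path, absolute_path, is_dir) for everything under root."""
    for base, dirs, files in os.walk(root):
        for name, is_dir in [(d, True) for d in dirs] + [(f, False) for f in files]:
            path = os.path.join(base, name)
            yield os.path.relpath(path, root), path, is_dir


def audit(live_root, clean_root):
    """Compare a live webroot (assumed path) with a clean copy of the release."""
    report = {"extra": [], "modified": [], "loose_perms": []}
    for rel, path, is_dir in _walk(live_root):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if is_dir:
            limit = DIR_MAX
        elif os.path.basename(rel) == "config.php":
            limit = CONFIG_MAX
        else:
            limit = FILE_MAX
        if mode & ~limit:  # a permission bit is set beyond the allowed mask
            report["loose_perms"].append((rel, oct(mode)))
        if is_dir:
            continue
        ref = os.path.join(clean_root, rel)
        if not os.path.isfile(ref):
            report["extra"].append(rel)     # present on the site, not in the release
        elif _sha256(path) != _sha256(ref):
            report["modified"].append(rel)  # same name, different content
    return {key: sorted(found) for key, found in report.items()}

if __name__ == "__main__":
    import sys
    print(audit(sys.argv[1], sys.argv[2]))
```

config.php will normally show up under `modified` because it holds site-specific settings, so that entry means "read it by hand", not "restore from the release".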