OK.. my site: www.u-no.info

I think this is how they did it. They uploaded a .php file from my forum. Then a PHP file called "mshell.php" started to be created in each individual folder. (This gave administrator control, I even checked.)

My host can pull the data back up to about 1 week from now, and I was hacked early this morning. [Restore, but costs me $75]

Tracking them will be easy, but tracing IP proxies to another will be hard. I am wondering if finding this hacker is possible. I am pretty sure, and others have told me, that I can sue this hacker for how much time and how many customers and how much money and how much stress I have taken, and also for illegal action against me, when I am NOT AT ALL RELATED, or at least someone behind this is trying to do this for fun or for some kind of reason I do not know.

I can get all the IP logs, MySQL logs, the date the virus was injected, and such and such. I am just wondering if anyone can help me find this person, so I can directly sue them for repayment of what I have wasted (Lawyers / Specialists / Site / Time / Etc.) and go to court for a decision. If it is possible for me to sue them, and I can win, and I can track this person down, please please help me.. I will pay whatever I can, because in the end this person will be the payer, and I am very mad and concerned.

---

Note: they also hacked my MSN, as well as other accounts.

- Chitika, probably (not checked, I was too stressed)
- Hacked my GoDaddy account (Domain)
- Lunarpages (my site server host / account; they changed all the information, and currently somehow had cPanel access TOO)

---

Also note: I have Nod32 and IObit Security, MOST up to DATE. I have not downloaded anything suspicious in the past month, and I am serious about what I download. My site host is repeatedly saying it is my computer with a virus, but I am pretty sure and confident that my computer had no virus and has no virus right now.

I hate to be a killjoy, but the chance of actually bringing a "hacker" to justice is rare and pretty difficult. They tend to be the sneaky type. My suggestions are:

1. Find a new host.
2. Change all of your passwords to everything.
3. Reinstall your OS.
4. Rebuild your website.
5. BACKUP!

I wouldn't waste your time trying to sue; odds are they did it behind a few proxies or zombie servers anyways. Your best bet is to wipe the server and start fresh. Most of the time, this is not a password issue, but instead a script vulnerability that allows a compromise. Are you running the latest version of your forum software? Regardless, YOU NEED to find the vulnerability before you restore your site.

This definitely doesn't look like they have hacked your website. This looks like they have hacked your computer (and stolen all your passwords, and as a result your website was one of the victims along with your IMs and GoDaddy and everything else), or at least they got into your most important email account .. think .. where do you keep the passwords for all those things that got hacked? Is it in your webmail somewhere? Or is it a file on your desktop? .. That's what got hacked in the first place.

About suing .. come down to earth .. even if you get the address, name, and phone number of the person who did it, along with a video from a security cam showing them hacking into your website, you can do NOTHING to a hacker sitting somewhere in Tanzania or Egypt or China or wherever else ..

Hi, I've registered here just to share what I found on this issue, since I have the same problem.

The file "mshell.php" is the "MulCiShell v2.0" PHP backdoor, built to force admin access and download the database. I know many forum softwares and none use an "mshell.php" file! It copies itself to different directories, starting from /upload, then to /themes, etc...

The first step that I recommend is to verify your database users and admin, then delete all SQL users, since you can always create a new user for the same DB and reset it on your forum later.

If possible, scan your site files locally. I've downloaded my site and I'm comparing all files; in the forum dir alone I've deleted 8 copies of mshell.php, and since this file is encrypted, I found the source code here: http://pastie.org/679674/wrap

Sorry if I disrespected any forum rule, but when we find something like this, we need to act fast to keep our forum users' privacy. My reply here is after 19 hours of searching and editing files.

Else look for what 777 permissions can be removed.

My site: http://www.eve-isind.co.cc/
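
A sketch of the local file comparison and 777 check described in the reply above, added here as an example and not written by anyone in the thread. It assumes you have a downloaded copy of the site and a clean copy of the same forum release to compare against; `make_baseline`, `audit_site` and `build_demo_tree` are hypothetical names, and the demo tree is constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BACKDOOR_NAMES = {"mshell.php"}  # file name reported in this thread

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_baseline(clean_root):
    """Map relative path -> SHA-256 for a known-clean copy of the same forum release."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256(p) for p in root.rglob("*") if p.is_file()}

def audit_site(site_root, baseline):
    """Return sorted (relative_path, finding) pairs for a downloaded copy of the site."""
    root, findings = Path(site_root), []
    for p in (q for q in root.rglob("*") if not q.is_symlink()):  # symlinks skipped
        rel = p.relative_to(root).as_posix()
        if (p.stat().st_mode & 0o777) == 0o777:
            findings.append((rel, "mode-777"))  # world-writable file or directory
        if not p.is_file():
            continue
        if p.name.lower() in BACKDOOR_NAMES:
            findings.append((rel, "known-backdoor-name"))
        elif rel not in baseline:
            findings.append((rel, "not-in-baseline"))  # the clean release never shipped it
        elif sha256(p) != baseline[rel]:
            findings.append((rel, "modified"))  # shipped file whose content changed
    return sorted(findings)

def build_demo_tree(tmp):  # constructed sample data: a clean tree and a tampered copy
    clean, live = Path(tmp, "clean"), Path(tmp, "live")
    for base in (clean, live):
        for sub in ("upload", "themes"):
            (base / sub).mkdir(mode=0o755, parents=True)
        (base / "index.php").write_text("<?php echo 'forum'; ?>")
        (base / "themes" / "style.css").write_text("body{}")
    for sub in ("upload", "themes"):
        (live / sub / "mshell.php").write_text("<?php /* constructed placeholder */ ?>")
    (live / "index.php").write_text("<?php echo 'forum'; /* constructed change */ ?>")
    os.chmod(live / "upload", 0o777)
    return clean, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_demo_tree(tmp)
        print(*audit_site(live, make_baseline(clean)), sep="\n")
```

Files reported as "modified" matter as much as the extra copies: comparing only by file name would miss a legitimate forum file that was edited in place.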