my IPB v 1.2 just get hack .... some one just put the code below in my IPB footer : <a href="http://www.directview.co.il"><b>öôééä éùéøä</b></a> | <a href="http://www.freeserv.co.il"><b>à çñåï áçéðÃ</b></a> | <a href="http://www.multi-f.co.il"><b>÷äéìú ôåøåîéÃ</b></a> Code (markup): The CHMOD is 644 but they still able to hack in and put the link at wrapper, any solution ? currently i change chmod to 000 for temporary solution...
IPB v1.2? Thats very very old Look up lists of known ipb 1.2 hacks, and normally you can find the fixes to some popular bugs
Almost all phpBB forums have huge vulnerabilities and security holes which some kids just go to milw0rm and use an perl exploit on your site. I suggest you use SMF. There are many others, but SMF has a lot of extensions. -Howlinghawk
First remove unwanted code from there. I suggest change your ftp detail, ipb admin user and password. Check your hosting company is reliable. Things will be ok then no need to worry about upgrading...
Yah .. that the problem, i try to fix (delete) few time, but it come back again and again, first they put redirect to viagra site, then popup and now footer link ... Yah does think of changing to other platform but is kind of hard for me as a newbie IPB 1.2 (yah very old and trial version )
Haha, how many years have you had that? 10? Is it a big forum? I suggest looking into phpBB if you are thinking about using some different, updated software
very old and none profit site they back again after i change the files name ad_wrapper.php to 000, he still able to do add footer, this time he delete my adsense code too ... any one can help ??
1) Upgrade to latest versions 2) Ask your host to install CSF & mod_security 3) Change all passwords including DB pass 4) install forum again as its possible for exisitng install has been planted with backdoors 5) Lastly, Note his IP address and report him to his ISP by providing proper evidence All this should stop script kiddies from messing around. if he a pro, then you need professional help Hope it helps
yes he is pro ...... I try delete the link and disable all admin access, end up it make him angry and he delete every files in the server (include another 202 site), now my hosting company just try to recover everything
As far as I know, a site can get hacked not for the script that you're using to make your website. You may use anything script like php, asp, .net, perl etc. But you can't say that only using high quality script to make pages will safe your site from hacker....then it's wrong. It's common that if someone had putted texts into your web page, that means your web page is not write protected. The default setting of a folder, page into the server remains read only. If you'd made write permission of the page which got hacked and got hacked, then there is nothing to say. But if you didn't change any permission for that page and still got hacked by the hacker than your server security is not good or not have. No one can write anything into the web page from "http:// or https://" if your server security is good. thanks
Your best bet is to delete the whole thing and restore from a backup - you do back-up daily, don't you?
In 80% cases an infected system is the main reason of virus attack. Sit before a fresh PC, login to your control panel and start changing passwords for everything like, control panel, ftp, admin, database, email etc. And then remove the malicious codes from all the infected files (don't execute invected file, this may infect the fresh PC as well). And finally scan your PC with 1. an antivirus 2. a rootkit scanner You can use AVG and after that Combo Fix. I faced same problem 2 months ago with my website. I'm cured now. Repeadtedly try to find out if any hidden trojan is masquerading/fabricating or not. If so, please remove all of them. In this session, your FTP client (if used) is probably infected. uninstall it and reinstall. And 1 suggestion for you, which I learnt from practical experience: Though you haven't made the mistake, but I must alert you, never reveal your website's url when it's infected or hacked. These are general users forums, anybody can register. Believe me or not, lot of hackers, crackers and tracepassers are roaming here, just to trace out a new loop hole. Don't let them know, that your website contains a vulnerability, which can be easily defaced. Not only this, posting link of an infected website will bring spiders to your pages. This will affect your websites impression (as most of the search engines today are alerting visitors about any infected pages in the search results) and will help the hackers/malware to spread quickly.
Just asking for information. Is there any problem with FileZilla? Any complains, bugs, vulnerabilities? Please forward me towards the URL, if something is discussed against FileZilla. I was using File Zilla and got infected last time. I'm not sure what was the exact reason of infection.
My site was added some iframes linking to china websites few weeks ago. So i did a search and found that most people with this problem has filezilla installed and the advice given is DONT save your ftp password in filezilla. My website is safe since then. Read this
Thank you ads2help for the response and the link. All of these cases, mentioned by you, are matching for me. My websites were infected a month ago. I was using File Zilla as FTP client. I used to save passwords in File Zilla. The infection was adding hidden iframes to my webpages, which were linked to some non-existing chinese websites. But I still suspect if FileZilla was the only reason or not. One of my client never understood how to use a FTP client. He was using File Manager of his cPanel every time, for updating his website. His website was also infected. In this relation I must give you a reference. I've seen, in most of the cases the default anti virus of cPanel and AVG failed to detect those infected files. One of it's reason, I realised, was , the files only contained an extra iframe, no melicious codes, encrypted javascripts etc was there. That's why they were ignored. I got a tool, http://online.us.drweb.com/?url=1 Dr Web online virus scanner, which helped me those days, to find out injected iframes.
yes i use filezilla .... I think the problem from hosting company, i try to put file in 000 chmod (only one file) but that trigger them to delete my adsense and footer ..... then i do chmod 000 to the directory, at the same night, the server complete disappear (i check thru reverse dns, all site in the server redirect to some funny site).... Now everything get back normal (for the pass twoday), hopefully they will disappear forever.