I need some urgent help. It seems that my vB4 suite site has been attacked by a hacker. What has happened is that a new section has been added to the list of sections on my home page. The new section is an advertisement with some profanity on it. Clearly, who ever did this may have had access to my CP, and add the new sections.

Aside from trying to determine how this might have happened, I am unable to delete the section becasue there is no 'delete icon' next to it. I am however, able to block the viewing on the front end of this specific section, by removing all the permissions except to the administrator.

I recently updated the latest patch 4.0.2 so not sure how this has occured, and how to prevent it from continuing - and also removing the section.

Any help would be greatly appreciated.

cammot

One big tip about running a forum "Always use strong passwords"

Thats how he got to your AdminCP

I agree with the need for strong passwords, which I have. But it's an assumption on your part to suggest that's the only way a hacker can infiltrate a site. That's why they discover security holes from time to time, and releases security patches.

cammot

You cannot delete the section until you have removed all the articles from it.

Check your access_logs and see if you can determine how they got in.

I had problems also but it is just spammers and there dam software they use i just added a security question for registration and so far it has help quit a bit. :up:

Your server needs proper security.. brute force attacks are all too common (my servers ban dozens of IP's daily for these) If your web host does not run some type of protection from brute force attacks, you need a new host..

ALSO Make sure your mysql db password in the config file is uber complex as well.. good hackers really do not use the GUI in most cases.. they inject code through an insecure script and it may not even be related to your forum...

Good luck... for me? a server gets hacked and it is full system dump and reload of the OS...

Thanks for all the comments. I think I finally think I found the method used, if this helps anyone. Apparently one of my forum's was accessible for non registered, and an article that was created on the forum also had comments (replies) enabled. So the spammer took advantage of making a comment, that somehow even changed the forum title. HTML was allowed on the comment box. So it could be that these contributing factors led to how my site was infiltrated without a password being necessary.

Thanks
cammot