MNNLeafre
10-28-2011, 03:10 AM
Alright so I came back to my forum today to found out my pass was changed. I just woke up so I thought maybe it's just me, so I did a password reset.
I then realize there's an ad where there shouldn't be. I look at the script and it is definitely not mine.
I decide to change back the ads to my code.
Later, I realize I see another admin that I certainly did NOT make.
I proceed to delete the user. He then logs another user's account and starts talking on the shoutbox.
He continues to say
"ban me again and I'll do worse"
"[other user] your pass took me 2 min to crack"
At this point I knew he was a threat and proceeded to turn off my forum
Then HE turns it back on and says
"The forum's are fine, i'm going to sleep and in the morning if this account is no longer admin, and the forum looks any different I will wipe it from the web."
"If you turn it off again I'll cause real damage"
He then rambles on that he just wanted to see if he could hack the forum, and he will "leave us alone"
He said "I made [him] a superadmin, want me to remove that?"
So from that, I decide to check the CP Logs, and it seems that the first thing he did was go to market_item.php. This gave me the impression that the Point Market is NOT safe.
I proceed to disable it (should I uninstall instead?).
Now with that said, what do I do to prevent anything like this to happen?
I see he made several changes in templates. I'm going to uninstall then reinstall the styles for safety. as well as reverting everything back in the default style.
But the thing is, how would he be able to make people super Admins? You need FTP access for that, don't you? My login info for the forums is not the same as my FTP info.
When I stated that the market had to be part of the problem, he said "all i did was make one post in the forum, and make a few super admins"
And instantly I thought it was the one forum section I allowed HTML on.
But however I checked the admin logs and saw NOTHING of the user posting, nor any of the admins/mods deleting a post.
My forum is 4.1.6
What else should I do?
I then realize there's an ad where there shouldn't be. I look at the script and it is definitely not mine.
I decide to change back the ads to my code.
Later, I realize I see another admin that I certainly did NOT make.
I proceed to delete the user. He then logs another user's account and starts talking on the shoutbox.
He continues to say
"ban me again and I'll do worse"
"[other user] your pass took me 2 min to crack"
At this point I knew he was a threat and proceeded to turn off my forum
Then HE turns it back on and says
"The forum's are fine, i'm going to sleep and in the morning if this account is no longer admin, and the forum looks any different I will wipe it from the web."
"If you turn it off again I'll cause real damage"
He then rambles on that he just wanted to see if he could hack the forum, and he will "leave us alone"
He said "I made [him] a superadmin, want me to remove that?"
So from that, I decide to check the CP Logs, and it seems that the first thing he did was go to market_item.php. This gave me the impression that the Point Market is NOT safe.
I proceed to disable it (should I uninstall instead?).
Now with that said, what do I do to prevent anything like this to happen?
I see he made several changes in templates. I'm going to uninstall then reinstall the styles for safety. as well as reverting everything back in the default style.
But the thing is, how would he be able to make people super Admins? You need FTP access for that, don't you? My login info for the forums is not the same as my FTP info.
When I stated that the market had to be part of the problem, he said "all i did was make one post in the forum, and make a few super admins"
And instantly I thought it was the one forum section I allowed HTML on.
But however I checked the admin logs and saw NOTHING of the user posting, nor any of the admins/mods deleting a post.
My forum is 4.1.6
What else should I do?