Spangle
09-09-2013, 02:58 PM
I got hacked by a group calling themselves "Team root" today, they altered index.php and installed a file called 000.php
I've since had this email form my hosts :
Hello,
Our systems performed a routine malware/virus scan on your account and unfortunately located infected/malicious files. We've automatically moved the infected files(s) out of your public_html directory into a safe, quarantined directory. Below is the file our scanners were able to locate:
/home/talkofth/public_html/forumrunner/x.php
Known exploit = [Fingerprint Match] [PHP Exploit]
Accounts are commonly exploited through outdated software, compromised cPanel/FTP login details, or vulnerable themes/plugins in your applications. We suggest rotating your cPanel and FTP passwords immediately in the event they were compromised. Instructions on how to reset your cPanel password can be found at https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/47/0/how-can-i-reset-my-cpanel-password
If you would like more information regarding this infection, or are looking for our assistance in cleaning up your account, please contact our support team by either emailing support@hawkhost.com or submitting a ticket at https://support.hawkhost.com.
I take this to mean that if you are using Forumrunner you should remove it.
I've since had this email form my hosts :
Hello,
Our systems performed a routine malware/virus scan on your account and unfortunately located infected/malicious files. We've automatically moved the infected files(s) out of your public_html directory into a safe, quarantined directory. Below is the file our scanners were able to locate:
/home/talkofth/public_html/forumrunner/x.php
Known exploit = [Fingerprint Match] [PHP Exploit]
Accounts are commonly exploited through outdated software, compromised cPanel/FTP login details, or vulnerable themes/plugins in your applications. We suggest rotating your cPanel and FTP passwords immediately in the event they were compromised. Instructions on how to reset your cPanel password can be found at https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/47/0/how-can-i-reset-my-cpanel-password
If you would like more information regarding this infection, or are looking for our assistance in cleaning up your account, please contact our support team by either emailing support@hawkhost.com or submitting a ticket at https://support.hawkhost.com.
I take this to mean that if you are using Forumrunner you should remove it.