vb.org Archive

Krahl 06-19-2006 05:06 PM

These hackers have me fed up!
 
Hi folks,

I'm in need of some advice and help, really.

I was having a few issues with someone hacking an admin account (they apparently took control of more than just that one account) on a site I admin which was running 3.5.3. We had a running battle for a few weeks. After I upgraded to 3.5.4, the attacks stopped for a few days. They then started back up. All along, all the person(s) were doing was changing (defacing) forumhome.

That changed finally, as they have now deleted my forum structure and posts as well as defaced the front page, forumhome and I don't know what all else (that seems to be all though). They created three new forums and one post, concerning a Muslim political commentary.

I have a backup of the database (one week old) and my host can also restore it from last week if need be. I have the server access logs as well as my ACP logs. The site is currently turned off until I figure out how to stop these attacks.

I'm wondering if anyone has suggestions at this point for what I should do? I might be interested in getting some help as well, perhaps someone to look it over and also help restore the database properly.

Any input would be greatly appreciated.

:)

Sean S 06-19-2006 05:14 PM

This post has some good points related to your question; it should help a lot: https://vborg.vbsupport.ru/showthread.php?t=118613 :)

Krahl 06-19-2006 05:18 PM

Thanks for the link Sean. :) I've read through that prior and have done some of the things recommended therein.

I'm having a hard time figuring out how the heck they keep getting control. I would really like to get some resolution without reinstalling the entire board from scratch too, but I'm not sure where to look at this point. I do have the server logs too, but cripes, it's huge and I actually am not even sure what to look for in it.

:confused:

GE-Biggs 06-19-2006 09:08 PM

In case you overlook the new replies to that other thread.

Here's one idea: if you do everything correct, and follow the suggestions given in this thread, and it still happens again, you might try to check your PC for any trojans, keyloggers, etc. That is assuming that you haven't already. You never know, it could be something as simple as your PC being compromised; wouldn't be the first time that has happened to someone.

Ntfu2 06-20-2006 01:22 AM

Move servers; maybe your server is completely unsecure. May I ask who you host with?

Krahl 06-20-2006 01:27 AM

Quote:

Originally Posted by GE-Biggs
In case you overlook the new replies to that other thread.

Here's one idea: if you do everything correct, and follow the suggestions given in this thread, and it still happens again, you might try to check your PC for any trojans, keyloggers, etc. That is assuming that you haven't already. You never know, it could be something as simple as your PC being compromised; wouldn't be the first time that has happened to someone.


Thanks for the ideas GE-Biggs.

Ntfu2, I don't think it's the host. I've been using them for a few years with various accounts as well as recommending them to others, who have had no problems. The host I use is midphase.com. They're typically right on top of all service issues I've ever had.

Although, I will say that their fee of $30 for backup restoration has me a bit irked. Is that typical with other hosts?

FLMom 06-20-2006 01:34 AM

They charged you $30? I had to have mine restored because I goofed it up when I first got it and mine didn't charge me a thing.

I hope someone here can help you get your site more secure..good luck with it.

Krahl 06-20-2006 01:51 AM

Yeah, I think that's a bit cheesy to charge for it. They didn't use to. Only thing I can complain about with their service though.

I haven't had them do it yet though, as I'm trying to figure out how to use my SQL database backup (the one from the ACP) to sort the site. Can't get that figured out just yet though. I can't find the "browse" button from the SQL area in phpMyAdmin. vB docs as well as the tutorial on here say it's there but I simply cannot find it. Frustrating to say the least. Meanwhile time goes by as the site is down. :\

Thanks for the positive thoughts FLMom. :)

FLMom 06-20-2006 02:00 AM

You are welcome! Wish I could help more, but it's all too new to me.

kira 06-23-2006 06:12 PM

How do you know their religion???

Marco van Herwaarden 06-23-2006 06:40 PM

Before this turns into a religion thread: nobody is stating that these hackers indeed are Muslims, only that someone is hacking websites and leaving text suggesting that it was a Muslim group that hacked the website.

PennylessZ28 06-23-2006 08:49 PM

Quote:

Originally Posted by MarcoH64
Before this turns into a religion thread: nobody is stating that these hackers indeed are Muslims, only that someone is hacking websites and leaving text suggesting that it was a Muslim group that hacked the website.

But who else is there to blame? That's what my TV says. I would suggest moving hosts altogether. Also, I changed the name of most of my vB directories. And use .htaccess for extra protection.

Krahl 06-24-2006 12:38 AM

Right, it has nothing to do with religion. I actually doubt they're Muslim at all, they're probably just some internet "taggers" who are blaming their handiwork on the "hot topic" (and I don't mean that shop that sells the goth type clothes). ;)

Anyway, they've managed to get the site down AGAIN. I'm really perturbed now.

Anyone up for helping to do some security work on my site? I could pay a bit (please don't move this thread to "services") if need be or even do some work-in-kind.

I'm going to go around .org tonight copying out links to all of the "make your site more secure" threads and try to do as many of them as possible.

NetworkTown.Net 07-03-2006 07:30 PM

You can't just blame Muslims for it, there's plenty of other hackers out there too. The way you're saying it, it sounds like you're blaming the religion. There's no need to say 'Muslim hackers'; why couldn't you have just said hacker, eh?

kall 07-03-2006 07:42 PM

He doesn't, he states that the hackers in question left behind a Muslim page.

He put the word Muslim inside inverted commas, clearly pointing out his feeling that it is a hacker making out that they are Muslim.

@Krahl: Do you have ssh (Shell Access)? It is the easiest way to import a backup of your database.

If not: phpMyAdmin - click the SQL link or button. You should have a Browse button on the resulting page.

kall 07-03-2006 08:24 PM

A note to everyone:

All posts relating to Religious debate will be removed from this thread.

This thread is about the fact that a site was hacked, not the pros or cons of any one religion.

*edit* I have amended the thread title as it was inflaming people. :)

Sean S 07-03-2006 11:17 PM

Good move, kall :). As for the problem, has this been happening to your website again lately? Also make sure that you at least have a blank index page in the directories that you don't have an index page in. This way you will protect more files.

Freesteyelz 07-04-2006 03:34 AM

@Krahl: In your first post you mentioned that the perpetrator(s) gained access to "an admin account". How many admin accounts do you have?


@Sean S: Nice site. :)

Sean S 07-04-2006 04:20 AM

Quote:

Originally Posted by Freesteyelz
@Sean S: Nice site. :)

Thanks bro, I appreciate it :)


All times are GMT.