These hackers have me fed up!
 

Hi folks,

I'm in need of some advice and help, really.

I was having a few issues with someone hacking an admin account (they apparently took control of more than just that one account) on a site I admin which was running 3.5.3. We had a running battle for a few weeks. After I upgraded to 3.5.4, the attacks stopped for a few days. They then started back up. All along, all the person(s) were doing was changing (defacing) forumhome.

That changed finally, as they have now deleted my forum structure and posts as well as defaced the front page, forumhome and I don't know what all else (that seems to be all though). They created three new forums and one post, concerning a muslim political commentary.

I have a backup of the database (one week old) and my host can also restore it from last week if need be. I have the server access logs as well as my ACP logs. The site is currently turned off until I figure out how to stop these attacks.

I'm wondering if anyone has suggestions at this point for what I should do? I might be interested in getting some help as well, perhaps someone to look it over and also help restore the database properly.

Any input would be greatly appreciated.

:)

this post has some good points related to your question, it should help a lot https://vborg.vbsupport.ru/showthread.php?t=118613 :)

Thanks for the link Sean. :) I've read through that prior and have done some of the things recommended therein.

I'm having a hard time figuring out how the heck they keep getting control. I would really like to get some resolution wiithout reinstalling the entire board from scratch too, but I'm not sure where to look at this point. I do have the server logs too, but cripes, it's huge and I actually am not even sure what to look for in it.

:confused:

Incase you overlook the new replies to that other thread.

Heres one idea, if you do everything correct, and follow the suggestions given in this thread, and it still happens again, you might try to check you pc for any tojans, keyloggers, etc. that is assuming that you havent already.. You never know it could be something as simple as your PC being compromised, wouldn't be the first time that has happened to someone.

Move servers, maybe your server is completely unsecure, may i ask who you host with?

Thanks for the ideas GE-Biggs.

Ntfu2, I don't think it's the host. I've been using them for a few years with various accounts as well as recommending them to others, who have had no problems. The host I use is midphase.com. They're typically right on top of all service issues I've ever had.

Although, I will say that their fee of $30 for backup restoration has me a bit irked. Is that typical with other hosts?

They charged you $30? I had to have mine restored because I goofed it up when I first got it and mine didn't charge me a thing.

I hope someone here can help you get your site more secure..good luck with it.

Yeah, I think that's a bit cheesy to charge for it. They didn't use to. Only thing I can complain about with their service though.

I haven't had them do it yet though, as I'm trying to figure out how to use my sql database backup (the one from the acp) to sort the site. Can't get that figured out just yet though. I can't find the "browse" button from the SQL area in phpmyadmin. vb docs as well as the tutorial on here say it's there but I simply cannot find it. Frustrating to say the least. Meanwhile time goes by as the site is down. :\

Thanks for the positive thoughts FLMom. :)

You are welcome! Wish I could help more, but its all too new to me.

How do you know their religion???