I understand about whether you were "hacked" or not. We were, via FlashChat, they inserted a file called 17-2.
Do a Google on "suidsafe exploit" and you'll see they are all over the Internet today with this thing. They were caught as they were going to root level, we pulled the server off line, deleted all the compromised files, then upgraded all our systems with new hard drives. The reason they were caught so fast, they tried running a "cron" that failed, so I got an email with the cron error--happened to be on line when they had done it.
A friend of mine with another popular photo forum was hacked with the same exploit on a shared server the week prior, also running FC and VB 3.5. I'm not a programmer, but I can tell you my server provider, Rackspace.com did a fanatical job, we had to replace hard drives to be sure too.
Today a few hours ago with another attempt, via a "registered users only" forum, they tried to insert this: ">""********<**** **********=********* content="0;url=http://hastabeyinler.com/a"> **** > which I have part of in the "censored words" section as this, >>>> {http-equiv} "Refresh" """" By adding " >>>> {http-equiv} "Refresh" """" " (w/o the quote marks) it will add another layer of defense. The attempted hacker today went by the name of "dreamer" and the email is lll_dreampool_lll@hotmail.com and for his city he put "Ankara" and his IP was 85.101.1.4, which resolves near there in a place called Kocaeli.
Oh well, we get attacked daily, and yes, we've been through hackers before, but we keep putting up layer after layer, someday perhaps they will all go away? (yea right).
For those worried about Turkish IPs, I've attached a list in the format you'd put in the banned IP list. Be careful, not sure if they block other IPs that are legit. For an even more precise list, go here,
http://www.dnsstuff.com/pages/testbed.htm
and enter "Turkey" or whatever country you want--be careful in banning an entire country from your site--they can still use other methods and other IPs from other countries. This is just a "layer" of protection but will not stop them.
Oh, on the Cyb Topstats, we made it where the "form" where you can change the amount of results is only visible by "paid" members. Here is the code (crossing my fingers I can post this right)
Code:
<!-- results form is rendered only for members of the listed groups -->
<if condition="is_member_of($bbuserinfo, X, X, X, X, X)">
<form method="post">
<input type="hidden" name="resultsnr" value="$resultsnr" />
<div class="smallfont">$vbphrase[cyb_results_more]<br /><input type="text" class="bginput" style="font-size:11px" name="resultsnr" value="$resultsnr" size="2" /> <input type="submit" class="button" value="$vbphrase[cyb_results_more_show]" accesskey="s" /></div>
</form>
<else />
<b><font size="2" color="red" face="Arial,Helvetica,Geneva,Swiss,SunSans-Regular"> You must be a paid member for more stats options, up to 150 top results.</font></b></if>
</td>
<else />
<td width="100%" class="alt1" align="center">
$vbphrase[cyb_more_disabled]
</td>
</if>
Note: Replace "X" with your forum field IDs as appropriate. In the end, you can prevent, it just gets harder every day. Wishing everyone the best, rg sends!
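
The template conditional above only controls whether the form is drawn; a request that posts `resultsnr` by hand still reaches the script. The following is an added example, not part of the original post and not Cyb Topstats or vBulletin code, showing the same rule enforced server-side in plain PHP (7.1+). The function name, the default of 10 and the group IDs are assumptions; only `resultsnr` and the limit of 150 come from the post.

```php
<?php
// Added example. Hypothetical names; not Cyb Topstats or vBulletin code.

const DEFAULT_RESULTS = 10;   // assumed default shown to non-paid members
const MAX_RESULTS     = 150;  // upper bound quoted in the template message

/**
 * Decide how many rows to show using server-side state only.
 * $postedValue  raw "resultsnr" POST field (may be absent or forged)
 * $userGroupIds group IDs of the logged-in user, taken from the session
 * $paidGroupIds the IDs used in place of "X" in the template
 */
function effective_results($postedValue, array $userGroupIds, array $paidGroupIds): int
{
    $isPaid = count(array_intersect($userGroupIds, $paidGroupIds)) > 0;
    if (!$isPaid) {
        // The field is ignored entirely for non-paid members.
        return DEFAULT_RESULTS;
    }
    // Accept only a plain integer in range; anything else falls back.
    $n = filter_var($postedValue, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_RESULTS],
    ]);
    return $n === false ? DEFAULT_RESULTS : $n;
}

// Constructed sample requests: [posted resultsnr, user's group IDs]
$paidGroups = [9, 12];           // constructed paid group IDs
$cases = [
    ['50',   [2]],               // not paid, field posted by hand -> 10
    ['50',   [2, 9]],            // paid member                    -> 50
    ['9999', [9]],               // paid, above the limit          -> 10
    ['abc',  [12]],              // paid, not an integer           -> 10
    [null,   [12]],              // paid, field absent             -> 10
];
foreach ($cases as [$posted, $groups]) {
    printf("%-7s groups=%-4s -> %d\n",
        var_export($posted, true),
        implode(',', $groups),
        effective_results($posted, $groups, $paidGroups));
}
```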