Admins of Frihost. Please help me check my forums. There has been a hacker recently who keeps hacking my forums.
My previous PhpBB also got hacked.. today my new SMF got hacked again!.. Admins please look into this and help me.. Although I have a backup, I do not wish to keep having it hacked.
http://waiteck.frihost.net/mmoropg/index.php
Do you always update them when new versions come out?
Yes they are.. always updated. Me myself as admin.. no one knows my password.
Sorry to be off topic, but when I go to your site I get forwarded to
http://enugen.ca/. I'm assuming that's just a domain you have, but...
it's a site about a Ragnarok "private" server... and I'm not sure that's allowed.
Even if you're just forwarding to it from a Frihost account, I'm not 100% sure you should be doing that.
Oops, sorry.. wrong redirection.. err. Try this: http://doroforums.cjb.net
Err.. I know that it is not allowed.. but it's just a forum? With no download content about the private server on Frihost.
Well.. admins, please help me check about the hacker. He caused me a lot of headaches.. 1-2 days my forums get hacked even after changing version and forum type.
| waiteck wrote: |
| Oops, sorry.. wrong redirection.. err. Try this: http://doroforums.cjb.net
Err.. I know that it is not allowed.. but it's just a forum? With no download content about the private server on Frihost.
Well.. admins, please help me check about the hacker. He caused me a lot of headaches.. 1-2 days my forums get hacked even after changing version and forum type. |
I can't do much about that hacker, only give you a new subdomain/password. But certainly get rid of that pop-up on the website you gave us.
Sorry for the pop-ups lol.. it's the cjb redirection service.. .co.nr is currently not accepting requests till September.. so I temporarily use cjb.. Btw.. how do I track what or who meddled with my forum after it was hacked?
| waiteck wrote: |
| Sorry for the pop-ups lol.. it's the cjb redirection service.. .co.nr is currently not accepting requests till September.. so I temporarily use cjb.. Btw.. how do I track what or who meddled with my forum after it was hacked? |
I don't know, maybe check your log files, see who used it while it was hacked. BTW, you can try out afraid.org for a subdomain or just keep ours.
Glad to see you're using SMF... Maybe you should install SMFShop
And what do you mean by 'it was hacked'? Do you mean that someone deleted some posts, or passwords were changed, or the forum became inaccessible, or something else???
Check your server log files (using cPanel) to see who accessed your site at the time. If you want information about a particular IP address, you can do a whois on the IP. The whois will return the country, ISP, and contact address/phone number for that IP. There are lots of websites that allow you to do whois lookups, such as www.dnsstuff.com
Are you the only admin?
Did you use any other modifications?
I think the scripts you mentioned are quite highly secured, the only thing I can think of why it is being hacked...just could be someone guessing your passwords or you are using the same password elsewhere...
Okay.. Firstly.. the person meddled with the config.. then deleted all the boards. And my passwords were personal. I don't use the same password elsewhere. And I am the only administrator.
But weird.. he only meddled with the Edit Features and Options, but not the Edit Server Settings.. So I guess he is not using any admin account to enter it.
Last edited by waiteck on Sat Aug 20, 2005 3:51 am; edited 1 time in total
Btw.. thanks Daniel.. I got this IP from the logs. 84.31.132.43
Perhaps you should be kept informed of the newest patch from SMF
or you can change to UBB/VBB
My SMF was the latest version. vBB? Err.. I thought that it cannot be installed on Frihost?
| waiteck wrote: |
| My SMF was the latest version. vBB? Err.. I thought that it cannot be installed on Frihost? |
vBB can be installed on Frihost, with a valid and legal licence shown to Bondings.
| n0obie4life wrote: |
| vBB can be installed on Frihost, with a valid and legal licence shown to Bondings. |
This means in real language: no.
(that license costs a lot)
Make sure you're using a secure password for the MySQL database (my database passwords are usually really long passwords with no real meaning at all).
The IP address you posted is located in the Netherlands. You can view information about this IP Address here: http://www.dnsstuff.com/tools/whois.ch?ip=84.31.132.43&server=whois.ripe.net&email=on
The 'abuse' email address listed for this IP is abuse AT home DOT nl. You may wish to send an email if this IP continues hacking your site.
There are some things you could do to avoid always getting hacked:
1: Change your MySQL pass (don't use the Frihost email server)
2: Set the config file to 444
3: Check your logs for the IP of the hackers, ban that IP from the forum
4: If you want, you can change the location of the admin folder or rename it, but this will be a big task, so you will have to seek help from SMF
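The log check suggested in the replies above (see who accessed the site around the time of the change, then look up or ban that address), as an added example that is not from any poster in this thread. It assumes an Apache combined-format access log downloaded from the hosting panel; the sample lines, IP addresses, times and `action=` names are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache "combined" access-log format (assumed; adjust if the host logs differently).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines: documentation-range IPs, made-up times and action names.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2005:22:10:01 +0000] "GET /mmoropg/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.23 - - [19/Aug/2005:23:41:12 +0000] "POST /mmoropg/index.php?action=example_login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Aug/2005:23:42:40 +0000] "POST /mmoropg/index.php?action=example_settings HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Aug/2005:23:43:05 +0000] "POST /mmoropg/index.php?action=example_boards HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Aug/2005:01:15:30 +0000] "GET /mmoropg/index.php?board=1 HTTP/1.1" 200 4300 "-" "Mozilla/4.0"
garbage line that does not parse
"""

def parse_line(line):
    """Return a dict for one log line, or None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m["ip"], "time": when, "method": m["method"],
            "path": m["path"], "status": m["status"]}

def writes_in_window(log_text, start, end):
    """Group state-changing (POST) requests inside [start, end] by client IP."""
    by_ip, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep count so truncated or odd lines are not silently lost
            continue
        if rec["method"] == "POST" and start <= rec["time"] <= end:
            by_ip[rec["ip"]].append((rec["time"], rec["path"], rec["status"]))
    return dict(by_ip), skipped

# Window around the time the boards were found deleted (constructed for the sample).
START = datetime(2005, 8, 19, 23, 0, tzinfo=timezone.utc)
END = datetime(2005, 8, 20, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    hits, skipped = writes_in_window(SAMPLE_LOG, START, END)
    for ip, reqs in hits.items():
        print(ip, len(reqs), "POST requests:", [path for _, path, _ in reqs])
    print("unparsed lines:", skipped)
```

The address reported is the one the web server saw, which may be a proxy or a shared connection rather than the person's own machine.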
Well.. Thanks everyone for your help in telling me what to do.