My forum was hacked

Igor Kokarev · May 30, 2016

Hi,

I updated my forum to latest v4.1.12.1 once I've received email notification 2-3 days ago. Yesterday my web hoster informed me that my server contains "finishing" pages. I discovered /login folder in the root with many unknown PHP files. So I deleted it. Then my SMTP server Postfix started to send many spam emails (around 100'000 per day!). And I don't know who sends this spam.

I tried to compare my forum files with new installation files - no lack. I see differences in some folders /datastore, /cache and some others. So I have no idea where is deleterious script.

I always instantly updated Invision forum. All configuration files are protected, I disabled dangerous PHP functions on my VPS. I have renamed /admin folder with password protection.

My VPS uses CentOS.

So I have no idea how to stop it.

Adlago · May 30, 2016

Test virus, for example

https://online.drweb.com/?url=1

Ahmad E. · May 30, 2016

PM me if you want me to take a quick look for you.

Igor Kokarev · May 31, 2016

Thanks for your advices.

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

My forum was hacked

Recommended Posts

Igor Kokarev

Adlago

Ahmad E.

Igor Kokarev

Archived

Recently Browsing 0 members

More