Maxtor Posted May 16, 2021 Posted May 16, 2021 I have found this strange code at my Login.php . please check and let me know.
opentype Posted May 16, 2021 Posted May 16, 2021 Yeah, looks like your site was hacked and someone is stealing the user login data.
Miss_B Posted May 16, 2021 Posted May 16, 2021 What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.
Maxtor Posted May 16, 2021 Author Posted May 16, 2021 1 hour ago, Miss_B said: What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe. I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020.
Thomas P Posted May 16, 2021 Posted May 16, 2021 Do you have FTP enabled or SFTP only? Maybe a good idea to use 2FA, new passwords for Admin & root accounts and SFTP access. You can check server logs for suspicious access and check your PC, as well.
Miss_B Posted May 16, 2021 Posted May 16, 2021 38 minutes ago, Maxtor said: I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020. Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw?
Maxtor Posted May 16, 2021 Author Posted May 16, 2021 6 hours ago, Miss_B said: Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw? yes there is wordpress too , at different domain / folder but same host.
Maxtor Posted May 16, 2021 Author Posted May 16, 2021 3 hours ago, Kyle F said: Where is the login.php file located? 4.4.10 /public_html/system/Login/Login.php Invision Community v4.5.4.2
Maxtor Posted May 16, 2021 Author Posted May 16, 2021 How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db?
Miss_B Posted May 17, 2021 Posted May 17, 2021 12 hours ago, Maxtor said: How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db? You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs?
Maxtor Posted May 17, 2021 Author Posted May 17, 2021 2 hours ago, Miss_B said: You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs? yes but last edit was Octomber 2020. let me contact them and let you know.
CaliPilot Posted May 18, 2021 Posted May 18, 2021 On 5/16/2021 at 2:25 AM, Maxtor said: I have found this strange code at my Login.php . please check and let me know. Wow "nice" find. How did you found it? Any strange things happend on your site? Chris
Maxtor Posted May 18, 2021 Author Posted May 18, 2021 2 hours ago, CaliPilot said: Wow "nice" find. How did you found it? Any strange things happend on your site? Chris If you click Support->Something isn't working correctly , it verify all IPS files with original . Brainy S. and CaliPilot 2
Recommended Posts