Security breach at Login.php

[Maxtor]

I have found this strange code at my Login.php . please check and let me know.

 

 

[opentype]

Yeah, looks like your site was hacked and someone is stealing the user login data. 

[Miss_B]

What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p.

What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.

[Maxtor]

1 hour ago, Miss_B said:

What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p.

What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.

 

I'm using the latest version always.

also all plug-ins are bought from marketplace.

 

last edit of login.php is November 2020.

[Thomas P]

Do you have FTP enabled or SFTP only? Maybe a good idea to use 2FA, new passwords for Admin & root accounts and SFTP access.
You can check server logs for suspicious access and check your PC, as well.

[Miss_B]

38 minutes ago, Maxtor said:

 

I'm using the latest version always.

also all plug-ins are bought from marketplace.

 

last edit of login.php is November 2020.

Do you have any other third party scripts running in your server, like wordpress for ex?

What did your host say btw? 

[Maxtor]

6 hours ago, Miss_B said:

Do you have any other third party scripts running in your server, like wordpress for ex?

What did your host say btw? 

yes there is wordpress too , at different domain / folder but same host.

[Kyle F]

Where is the login.php file located? 4.4.10

[Maxtor]

3 hours ago, Kyle F said:

Where is the login.php file located? 4.4.10

/public_html/system/Login/Login.php

Invision Community v4.5.4.2

[Maxtor]

How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db?

[Miss_B]

12 hours ago, Maxtor said:

How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db?

You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). 

Did you ask your host btw to check their access logs?

[Maxtor]

2 hours ago, Miss_B said:

You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). 

Did you ask your host btw to check their access logs?

yes but last edit was Octomber 2020. let me contact them  and let you know.

[CaliPilot]

On 5/16/2021 at 2:25 AM, Maxtor said:

I have found this strange code at my Login.php . please check and let me know.

 

 

Wow "nice" find. How did you found it? Any strange things happend on your site?

 

Chris

 

 

[Maxtor]

2 hours ago, CaliPilot said:

Wow "nice" find. How did you found it? Any strange things happend on your site?

 

Chris

If you click Support->Something isn't working correctly , it verify all IPS files with original .