Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted May 16, 20214 yr I have found this strange code at my Login.php . please check and let me know.
May 16, 20214 yr Community Expert Yeah, looks like your site was hacked and someone is stealing the user login data.
May 16, 20214 yr Community Expert What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.
May 16, 20214 yr Author 1 hour ago, Miss_B said: What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe. I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020.
May 16, 20214 yr Do you have FTP enabled or SFTP only? Maybe a good idea to use 2FA, new passwords for Admin & root accounts and SFTP access. You can check server logs for suspicious access and check your PC, as well.
May 16, 20214 yr Community Expert 38 minutes ago, Maxtor said: I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020. Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw?
May 16, 20214 yr Author 6 hours ago, Miss_B said: Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw? yes there is wordpress too , at different domain / folder but same host.
May 16, 20214 yr Author 3 hours ago, Kyle F said: Where is the login.php file located? 4.4.10 /public_html/system/Login/Login.php Invision Community v4.5.4.2
May 16, 20214 yr Author How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db?
May 17, 20214 yr Community Expert 12 hours ago, Maxtor said: How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db? You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs?
May 17, 20214 yr Author 2 hours ago, Miss_B said: You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs? yes but last edit was Octomber 2020. let me contact them and let you know.
May 18, 20214 yr On 5/16/2021 at 2:25 AM, Maxtor said: I have found this strange code at my Login.php . please check and let me know. Wow "nice" find. How did you found it? Any strange things happend on your site? Chris
May 18, 20214 yr Author 2 hours ago, CaliPilot said: Wow "nice" find. How did you found it? Any strange things happend on your site? Chris If you click Support->Something isn't working correctly , it verify all IPS files with original .