Maxtor Posted May 16, 2021 Share Posted May 16, 2021 I have found this strange code at my Login.php . please check and let me know. Link to comment Share on other sites More sharing options...
opentype Posted May 16, 2021 Share Posted May 16, 2021 Yeah, looks like your site was hacked and someone is stealing the user login data. Link to comment Share on other sites More sharing options...
Miss_B Posted May 16, 2021 Share Posted May 16, 2021 What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe. Link to comment Share on other sites More sharing options...
Maxtor Posted May 16, 2021 Author Share Posted May 16, 2021 1 hour ago, Miss_B said: What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p. What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe. I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020. Link to comment Share on other sites More sharing options...
Thomas P Posted May 16, 2021 Share Posted May 16, 2021 Do you have FTP enabled or SFTP only? Maybe a good idea to use 2FA, new passwords for Admin & root accounts and SFTP access. You can check server logs for suspicious access and check your PC, as well. Link to comment Share on other sites More sharing options...
Miss_B Posted May 16, 2021 Share Posted May 16, 2021 38 minutes ago, Maxtor said: I'm using the latest version always. also all plug-ins are bought from marketplace. last edit of login.php is November 2020. Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw? Link to comment Share on other sites More sharing options...
Maxtor Posted May 16, 2021 Author Share Posted May 16, 2021 6 hours ago, Miss_B said: Do you have any other third party scripts running in your server, like wordpress for ex? What did your host say btw? yes there is wordpress too , at different domain / folder but same host. Link to comment Share on other sites More sharing options...
Kyle F Posted May 16, 2021 Share Posted May 16, 2021 Where is the login.php file located? 4.4.10 Link to comment Share on other sites More sharing options...
Maxtor Posted May 16, 2021 Author Share Posted May 16, 2021 3 hours ago, Kyle F said: Where is the login.php file located? 4.4.10 /public_html/system/Login/Login.php Invision Community v4.5.4.2 Link to comment Share on other sites More sharing options...
Maxtor Posted May 16, 2021 Author Share Posted May 16, 2021 How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db? Link to comment Share on other sites More sharing options...
Miss_B Posted May 17, 2021 Share Posted May 17, 2021 12 hours ago, Maxtor said: How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db? You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs? Link to comment Share on other sites More sharing options...
Maxtor Posted May 17, 2021 Author Share Posted May 17, 2021 2 hours ago, Miss_B said: You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). Did you ask your host btw to check their access logs? yes but last edit was Octomber 2020. let me contact them and let you know. Link to comment Share on other sites More sharing options...
CaliPilot Posted May 18, 2021 Share Posted May 18, 2021 On 5/16/2021 at 2:25 AM, Maxtor said: I have found this strange code at my Login.php . please check and let me know. Wow "nice" find. How did you found it? Any strange things happend on your site? Chris Link to comment Share on other sites More sharing options...
Maxtor Posted May 18, 2021 Author Share Posted May 18, 2021 2 hours ago, CaliPilot said: Wow "nice" find. How did you found it? Any strange things happend on your site? Chris If you click Support->Something isn't working correctly , it verify all IPS files with original . CaliPilot and Brainy S. 2 Link to comment Share on other sites More sharing options...
Recommended Posts