Jump to content

Security breach at Login.php


Maxtor
 Share

Recommended Posts

What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p.

What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.

Link to comment
Share on other sites

1 hour ago, Miss_B said:

What version of Ipb are you using? If you are not using the latest, upgrade to it a.s.a.p.

What was the latest change done to your forum before you noticed it? If I were you I would alo run a check of the server space and ask the host to check their access logs and look for the poe.

 

I'm using the latest version always.

also all plug-ins are bought from marketplace.

 

last edit of login.php is November 2020.

Link to comment
Share on other sites

Do you have FTP enabled or SFTP only? Maybe a good idea to use 2FA, new passwords for Admin & root accounts and SFTP access.
You can check server logs for suspicious access and check your PC, as well.

Link to comment
Share on other sites

38 minutes ago, Maxtor said:

 

I'm using the latest version always.

also all plug-ins are bought from marketplace.

 

last edit of login.php is November 2020.

Do you have any other third party scripts running in your server, like wordpress for ex?

What did your host say btw? 

Link to comment
Share on other sites

6 hours ago, Miss_B said:

Do you have any other third party scripts running in your server, like wordpress for ex?

What did your host say btw? 

yes there is wordpress too , at different domain / folder but same host.

Link to comment
Share on other sites

12 hours ago, Maxtor said:

How can i wipe all files , reinstall IPS with same database , and then reinstall plugins without affecting plugins db?

You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). 

Did you ask your host btw to check their access logs?

Link to comment
Share on other sites

2 hours ago, Miss_B said:

You do not need to wipe out all the forum files, but you can overwrite them with a fresh set. That will clean up any infected file(s). 

Did you ask your host btw to check their access logs?

yes but last edit was Octomber 2020. let me contact them  and let you know.

Link to comment
Share on other sites

On 5/16/2021 at 2:25 AM, Maxtor said:

I have found this strange code at my Login.php . please check and let me know.

 

 

655249942_checkthis.thumb.png.e4c02b5bff37e55cd72252ac42c06008.png

Wow "nice" find. How did you found it? Any strange things happend on your site?

 

Chris

 

 

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...