Board hacked - Mac OS Big Sur

[Lauren3]

Our board has been repeatedly hacked, the php files into the root dir has been modified or erased. Content in any dir, included "uploads" has been totally destroyed. Any ideas?

 

Edited June 14, 2022 by Lauren3

[Marc]

Sorry, Im a little confused as to the relevance of the screenshot there. Nothing on there indicated any changes to PHP files. If files are being changed however, you would need to contact your hosting company on this to see how this has happened. Users cannot directly change any PHP files within the software itself. 

[Lauren3]

Just now, Marc Stridgen said:

Sorry, Im a little confused as to the relevance of the screenshot there. Nothing on there indicated any changes to PHP files. If files are being changed however, you would need to contact your hosting company on this to see how this has happened. Users cannot directly change any PHP files within the software itself. 

I posted this screenshot to get the configuration. Actually it's been fully restored.

5 minutes ago, Marc Stridgen said:

Sorry, Im a little confused as to the relevance of the screenshot there. Nothing on there indicated any changes to PHP files. If files are being changed however, you would need to contact your hosting company on this to see how this has happened. Users cannot directly change any PHP files within the software itself. 

We are running IPB since 2003, and it's the first time we are experiencing that issue. It's a dedicated server running 4 websites, 3 Wordpress and 1 IPB. The Wordpress sites has been compromised too, but security tools are doing great. Is there any tools we can run to secure IPB?

[Marc]

You would not be securing the software, its your server you would be securing. As mentioned in  your othe rpost, you really need to contact your hosting company if this is happening. People will not be accessing and changing files through the software