bwyatt

Okay. Been speaking with him, should have got it sorted now. Despite the fact that the IPB guide says cache etc should be 777, they work fine on 755. Someone please tell me why we're asked to chmod to 777 when 755 works fine?

I've been hacked again. Someone doesn't like me.

My database got messed up, so I repaired and all seems well. Is there no way I can repel these attacks? I can't do anything else security wise. :@

I'm pretty sure if they know how to use/code a script and have the intention to hack, they wouldn't be looking on the official forum of a product they want to break into for ideas. ;)

Okay, I did some searching. Obvious place, I checked /cache/. There a malicious script lay.

Code: http://pastebin.com/m41f6909e

Removing all instances now.

Cheers.

PS. Thanks for the backup cron tutorial, I changed it to do my sql every night, it's great. :)

Yesterday, I was hacked. They rewrote index.php to contain their own crap, so I replaced it with my own and all seemed well. I was running 2.3.5, I googled exploits and there were a few, so I wasted no time in purchasing another 6 months and upgrading to 3.0.2. I changed the passwords for FTP, cPanel, my account and those of my staff. I locked down as much as I could to prevent it happening again.

I don't know how they did it, or if they did anything to my SQL - and that's my question.

Is there a way to find out if my SQL has been tinkered in any way?

There are tons of tables and indexes and so on, so it would be impractical for me to search everything manually.

I've never had this before, so any advice would be lovely.

Cheers guys.

PS. I posted this in here because it's about SQL, and thus technically falls into server stuff... I guess. Sorry if I'm wrong!

I sincerely agree.

Good show IPS. :)