Site hacked, dunno what to do

Help!

Our site was hacked a while ago and taken offline by the host. It's a forum and as such we lost a load of information and posts. I'm looking to clean it up and get it fully functional again but don't really know where to start. Anyone able to point me in the right direction?

The URL is forevergaming.co.uk/forum

Thanks :)
 
Grab your backups, theme and settings/databases. Make a couple copies if you haven't already.

Do you know how they got in and what they got? I would mass email everyone with an account informing them of the breach and advise them to check the passwords they used to see if they're reused on other sites.

Blank everything on the server to factory.

Set up a landing page saying undergoing maintenance or something.

Install the base software on the server again.

Check your backups for things that are not supposed to be there. If they were to have added anything it'll probably be in your html/CSS/js. Check DBs for any extra users that have admin rights.

Once you're sure they're clean reupload and crack on.
 
Check your temp directories for anything suspicious, and the register form. You'll probably find mass emailers and redirections floating around.
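
One way to do the "things that are not supposed to be there" check from the replies above, as an added example (not code posted by anyone in the thread): compare the backup against a fresh download of the same forum version and flag extra or changed files that match a few injection heuristics. The patterns, function names and sample files are assumptions constructed for illustration; it does not cover the database check for extra admin users.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumed, not exhaustive) of injected web content.
SUSPICIOUS = {
    "obfuscated eval": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I),
    "hidden iframe": re.compile(rb"<iframe[^>]*(display\s*:\s*none|width=[\"']?0)", re.I),
    "meta redirect": re.compile(rb"<meta[^>]+http-equiv=[\"']?refresh", re.I),
    "mail() call": re.compile(rb"\bmail\s*\(", re.I),
}

def audit_backup(backup_dir, clean_dir):
    """List backup files that differ from a fresh install of the same version."""
    backup, clean = Path(backup_dir), Path(clean_dir)
    findings = []
    for f in sorted(p for p in backup.rglob("*") if p.is_file()):
        rel = f.relative_to(backup)
        ref, data = clean / rel, f.read_bytes()
        if not ref.is_file():
            status = "extra"       # not shipped by the vendor: upload, theme or implant
        elif ref.read_bytes() != data:
            status = "modified"    # vendor file whose contents changed
        else:
            continue               # byte-identical to the clean copy
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(data)]
        if f.suffix.lower() != ".php" and b"<?php" in data:
            hits.append("PHP in non-PHP file")
        findings.append((rel.as_posix(), status, hits))
    return findings

def demo():
    """Build constructed sample trees (made-up names and contents) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, backup = Path(tmp, "clean"), Path(tmp, "backup")
        for root in (clean, backup):
            (root / "uploads").mkdir(parents=True)
            (root / "index.php").write_bytes(b"<?php require 'init.php';")
            (root / "init.php").write_bytes(b"<?php // bootstrap")
        (backup / "init.php").write_bytes(b"<?php eval(base64_decode('AAAA')); // bootstrap")
        (backup / "uploads" / "avatar.gif").write_bytes(b"GIF89a<?php mail($t, $s, $b);")
        (backup / "uploads" / "logo.png").write_bytes(b"\x89PNG constructed")
        return audit_backup(backup, clean)

if __name__ == "__main__":
    for path, status, hits in demo():
        print(f"{status:8} {path:22} {', '.join(hits) or 'review manually'}")
```

Files reported with no pattern hits still need a manual look: legitimate themes and uploads show up as "extra", and so would an implant the heuristics do not recognise.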
 
Yeah that was rather poorly worded but the message is still there :D.

I should really sleep more :(.

Hopefully it's an obvious entry point like an out-of-date plugin/package; if it's not fixed they might come back.
 
Cheers guys. I have no idea how they got in, really frustrating. I'm wondering if it's possible to save all the posts and restart from scratch, or would this be risky? I'd rather clean it out and start fresh than have the posts and risk it. Thing is, we have posts from members who sadly are no longer with us so I'd really like to keep what we have. Frustrating isn't the word.
 
Ok, been thinking about this. I want to back up all our posts and content and reinstall. Once that's done I'll reinstate our content but what I'd like to know is if it's possible to scan the site for anything malicious once it's done?

Anyone know of any tools for this?
 
Raise a ticket with said hosting company and ask for it to be escalated to Adam Smith. I have it on good authority he will help you clean/secure your site. Don't do anything before that.
 
Do you know how much access they had? You are running an old version of IP Boards, which has security issues. A quick Google shows a proof-of-concept video of an SQL injection attack on that version.
Always keep stuff like this up to date.
 
Yeah, I've certainly learned my lesson this time :(

Thanks for the help, I'm going to back up the posts and reinstall the latest version, hopefully that'll sort it. If not it'll be a clean slate which I'm not too keen on.
 