Someone hacked into my site

[Bryan G]

On my domain http://michiganliving.com someone hacked into it and changed the page, I was running phbb and now they have some kind of JavaScript forwarding to another page.
Is there a way I can recover without having to loose all the posts that were in the forum?

[Bryan G]

I turned off javascript and now I can log into the admin section, I found where they added some script, they added javascript to where you place "site description" and changed the script path, but it's still hacked, and I can't find any other things that look wrong....

[Bryan G]

ok, the last place they had the javascript was where you name the category.
They either hacked my username/password or they know the layout of phbb and they just called up the page they wanted like http://michiganliving.com/admin/file.???
Is there a way to stop them from going any deeper than the root dir?

[NIS-Francisco]

Quote:

Originally Posted by Bryan G

ok, the last place they had the javascript was where you name the category.
They either hacked my username/password or they know the layout of phbb and they just called up the page they wanted like http://michiganliving.com/admin/file.???
Is there a way to stop them from going any deeper than the root dir?

Hello,

PHPbb is one of the most insecure Forum software we have seen, since the worm that was surrounding the internet last time (around 8 months ago or so).

Best option you have is migrate to www.SimpleMachines.org which is better, faster and secure.

If you want to keep running phpBB at your own risk, load a backup from last week and restore it. After you do that UPDATE the phpbb software to the latest version on www.phpbb.com

Let me know if you have any questions

[Bryan G]

Quote:

Originally Posted by NIS-Francisco

Hello,

PHPbb is one of the most insecure Forum software we have seen, since the worm that was surrounding the internet last time (around 8 months ago or so).

Best option you have is migrate to www.SimpleMachines.org which is better, faster and secure.

If you want to keep running phpBB at your own risk, load a backup from last week and restore it. After you do that UPDATE the phpbb software to the latest version on www.phpbb.com

Let me know if you have any questions

I already got everything up and running again, it's not a big hack, they just added some JavaScript in a few spots and I was able to take it out.

I'm running SimpleMachines on my other sites, I just didn't want to switch this one because I didn't want loose what was in the database, even though it's not much. Now after this I'm probably going to switch anyway. None of this is a big deal, it's more or less a dead forum, only one user ever posts, but it's an easy way to keep the domain active, and it's a good one. I do plan on getting the site going again when I move back to Michigan.