Hacked!

[Jernet]

Was wondering if anyone was familiar with the type of hack I am dealing with at my site http://conception-tips.com/index.php ?

I was told it was a 'sql injection'. Never heard of it. It appears the hackers page is somehow showing over my homepage. If you do a 'view source' of the page you can see the scripting they are using, but I cannot find it in my files or database anywhere. Any ideas? It has been over 24 hours now and I still cannot figure this out :greensigh:

 

[nts]

Hard to say exactly what they did, but I know how they got in.

You are running an old copy of phpBB, 2.0.11 (current version is 2.0.21). The hackers used an sql injection hole, found in 2.0.11, to get in. This means that they used a flaw in phpBB to execute (or inject) whatever SQL query they want. I'd recommend updating to the latest version of phpBB.

 

[Jernet]

Yep, was just reading about that. I have my host looking at it now but not sure they are finding anything. I would love to run into some of these people and just beat the sh*t out of them....

 

[gdubz]

This makes me wanna switch to vbulletin, i heard the security for vb is alot better

 

[POLiSH]

I would love to run into some of these people and just beat the sh*t out of them....

I just do it that way.

 

[linkdomain]

This makes me wanna switch to vbulletin, i heard the security for vb is alot better

any script you don't keep up to date is MUCH more vulnerable.

 

[MrDude]

PM Sent to you
I should be able to fix and patch your forum for you
I hate it when this crap happens