SMF 2.0.18 has been released! Please update. Read more.
Started by vHawkeyev, May 01, 2009, 10:47:02 AM
Quote from: chrishicks on May 09, 2009, 11:46:37 PMEver think these hackers come here to see what everyone is saying for future research? It wouldn't be hard to come here, look around at all these posts and see what everyone is saying on how to prevent the attacks and then just adjust to our adjustments. Plus, with all the websites listed all around the board they have an unlimited supply of potential victims.
Quote from: tjhanes on May 10, 2009, 06:07:37 AM... however many of my member avatars are still not working. So i am assuming, my site must still be affected by that accounts attack. Yet, I looked through my PHP files and did not find any of the above listed code embedded in them.Can someone offer any guidance as to where i should be looking so that I can attempt to remove them? Or could i have not been attached (even though he was a member) and my avatar problem caused by something else? Although i find it unlikely becuase the problems did begin shortly after he was a member.Thanx.
<?php /**/eval(base64_decode(' [color=red]note, there was a very long string of letters and digits here I removed for clarity[/color]=')); ?><?php
Quote from: WillyP on May 10, 2009, 04:49:04 PMMy forum showed no signs of the affliction... a wiki installation on the same domain errored out, thats how I knew there was a problem.
Quote from: Polymath on May 10, 2009, 09:33:31 PMRight..In my /FCKeditor/editor/filemanager/browser/default/images/icons the is folder called /32with something like 2500 files..(no extension) and they are all numbered something like 26ca85f79bc46b4e6ae3a1f00f679fb3Are these part of SMF or this blokes stuff..?? safe to delete?
Quote<H> I had zero posts when I started posting
QuoteFCKeditor is not part of SMF. Some mods (TinyPortal, for example) seem to install it.
Quote from: Polymath on May 10, 2009, 11:08:39 PMQuoteFCKeditor is not part of SMF. Some mods (TinyPortal, for example) seem to install it. Thats nice. Do I remove folder called /32 with all that stuff in it? Is it part of this hacker
QuoteAs a precautionary measure, I suggest disabling all kind of uploads...
Quote from: DirtRider on May 11, 2009, 03:48:01 AMWhat about if your are running a gallery