View Single Post
  #7  
Old 01 Dec 2017, 12:33
CarolSEL CarolSEL is offline
 
Join Date: Aug 2010
Originally Posted by TheLastSuperman View Post
If the hacker gains access to the database they can alter their membergroup id #, if they have access to ftp (files) they can also assign themselves as a Super-Administrator per the config file - it's easy IF they have access but basically simply FTP access would allow you to also upload a file and interact with the database directly w/o the need for phpmyadmin or similar.
That makes sense, since host notified us about a month back that someone was attempting to access the FTP ports, so they changed the ports.

I did review the config file (and others) and didn't see signs of any changes to them. How would I find a file they uploaded?

--------------- Added 01 Dec 2017 at 12:38 ---------------

Originally Posted by Dave View Post
Your older forums weren't even in the public_html folder so the statement by your host is crap.
The only thing I can think of is that you had forumrunner enabled whilst not updating it to the latest version, it was vulnerable to something that allowed people to take over your forum.

I recommend upgrading your forum to the latest version and change the password of all administrator accounts.
Of course, it's still entirely possible that the hacker left a backdoor somewhere in your files, plugins or datastore cache.
Thanks. What does forumrunner actually do? I saw that the site owner had reactivated it, so I just turned it off. Will that stop members who use mobile devices from logging in?
Reply With Quote