they hacked my forum !

[babylonking]

some one hacked only my index.php file....this what i saw when i browsed my forum.

<pre>
BUSH IS GAY!!! BUSH IS EVIL

STOP WAR AGAINST, STAY LOVE AND PEACE!!!

By dum.my and tum.my

From Malaysia With LOVE!
</pre>

My index.php was chmod 666   now i changed to  chmod 664 .........but why in yabbse manual installation i have to chmod 666 the index.php file.
anyone  

[Chris Cromer]

What version of YaBBSE are you using?

And did you install the security fix supplied by the YaBBSE Dev Team?

[babylonking]

am using  RC44 build ?

And did you install the security fix supplied by the YaBBSE Dev Team?

Nope  

[babylonking]

did you mean this fix  

Change:

Code:

include_once("$sourcedir/Packer.php");
// verify the user is an administrator
is_admin();


to

Code:

// verify the user is an administrator
is_admin();
include_once("$sourcedir/Packer.php");

[Chris Cromer]

Yeah, but that fix should be installed in 1.5.1. So I guess that isn't how they hacked your index.php file.

[babylonking]

My host they e-mail me this message:

We found your account "babylon" ran the script that allowed all other account to be hacked.  Our data center has closed off your  account entirely. We'll get back to you with further details.  


am only running yabbse forum in this host. http://www.berryhost.com/

[David]

Has your host provided you logs surrounding the attack?  If not, please ask for them.  Also please send them to me or one of the other devs so that we can try and find out what happened. My e-mail is [email protected]

[babylonking]

I sent e-mail asking them to provide me the attack logs and am still waiting for respond.

[Peter Duggan]

Did you remember to delete the installation files after it was originally installed?

[babylonking]

Yes i deleted the installation file.

[Chris Cromer]

Did you have attachements enabled?

And if they where, did you allow php files to be uploaded? Or did you set it so it didn't even check the file extension. Also did you let members upload attachments?

Just trying to find the source of the problem.

[babylonking]

Did you have attachements enabled?

And if they where, did you allow php files to be uploaded? Or did you set it so it didn't even check the file extension. Also did you let members upload attachments?

Yabbse attachment enabled only for admin.........but i installed photo gallery mod and enabled picture upload for all members.

[David]

Until your host gives you access logs, all anyone can do is guess.

[Spaceman-Spiff]

i think the photo gallery is quite safe, it has a function to clean post and get data, and the function is called everytime, before a page is loaded
but who knows... there might be some other way >_<

did the hacker alter/delete any file?
did he showed that msg through template.php?

[babylonking]

did the hacker alter/delete any file?
did he showed that msg through template.php?

They hacked only the index.php file....this what the hacker execute in my index file.

<pre>
BUSH IS GAY!!! BUSH IS EVIL

STOP WAR AGAINST, STAY LOVE AND PEACE!!!

By dum.my and tum.my

From Malaysia With LOVE!
</pre>