Forum Database Deleted

[Clark]

Howdy,

 

It seems that the forum database has been deleted.

 

Has the account been hacked again???

 

Clark

[Jerroyd Moore]

Hi Clark,

That is unfortunate.  Was there any trace of the hacker?  Was there any malicious files you noticed on the file server?  Tim, did the hosting company send us an e-mail of any sort?

--Jerroyd

[Clark]

Yeah there was one in the db directory and one in the backup directory in the database directory.

 

File is attached….I’ve removed them from the server but have a copies of them.

 

Lots of CURL commands and base_encode and other stuff.

 

I managed to restore a six month version of the forum database which I accidentally uploaded to the wrong directory back in March so we’re only losing 6 months worth of posts etc.

 

Clark

 

---

[Jerroyd Moore]

I cannot see the file, but was it written in PHP?  The db directory should be completely inaccessible from the browser.

I cannot think of any security leaks in our file server.  The test directory has been password protected.  And the only dynamic coding on myupb.com is the forum, the wiki, and I guess the upbupdater script.  Tim, do you know if the hosting company takes regular snap shots of our file server for backup purposes?  Can you guys think of any other vulnerability besides those scripts?  If not, the vulnerability lies in our script or in our host provider :-/

--Jerroyd

[Clark]

Hi again,

 

I’ll attach the files, they’re both written in php

 

101040.php was in the db directory and 18318.php was in the backup dir in the db directory