Hacked
- Thread starter Prince
- Start date
- Status
18 comments
IPB can take my license down because I'm warez forum you know and this against their TOS.
I added ACP security mod to prevent anyone access my ACP.
He didn't changed FTP and control panel passwords, he was playing on the site itself.
How I prevent anyone from screwing up my database
What needed permissions need to SQL database user, may be I set it have not needed permission.
I added ACP security mod to prevent anyone access my ACP.
He didn't changed FTP and control panel passwords, he was playing on the site itself.
How I prevent anyone from screwing up my database
What needed permissions need to SQL database user, may be I set it have not needed permission.
Baby Jesus
Active Member
I'd add a .htaccess login to your admin folder (I haven't used IPB in a long time but I assume the admin control panel has it's own folder, no?), then you're pretty much safe... Not much they can do unless they have a higher level of access such as ssh, ftp, etc.
Thanks for advices 
These people post RapidShare phishers in my forum and it seems banning them pissed them off.
It was a war from two days ago, on taking the control on the forum.
They banned me and I returned myself by playing in mysql and banned them all and their IPs.
Actually they failed to take control, so they played on SQL as I did. :mad:
But Cpanel do daily backups so all they done is undone.
I added tougher protection, I added .htaccess with deny all IP except mine.
Google it for more info on how you do it, added very tough protections on ACP.
Last thing need new Firewall script to prevent SQL injection, it seem IPB latest version don't beat it.
These people post RapidShare phishers in my forum and it seems banning them pissed them off.
It was a war from two days ago, on taking the control on the forum.
They banned me and I returned myself by playing in mysql and banned them all and their IPs.
Actually they failed to take control, so they played on SQL as I did. :mad:
But Cpanel do daily backups so all they done is undone.
I added tougher protection, I added .htaccess with deny all IP except mine.
Google it for more info on how you do it, added very tough protections on ACP.
Last thing need new Firewall script to prevent SQL injection, it seem IPB latest version don't beat it.
Golden Falcon
Active Member
No need everyone to hijack the topic and transform it to a joke because if you got hacked it never be a joke, who want to reply here with advice is welcome.
For sure ACP only not the whole forum, I talking in whole topic on People access your ACP and try to read whole topic first.
For sure ACP only not the whole forum, I talking in whole topic on People access your ACP and try to read whole topic first.
Thats what I wanted to say lol, just rename your folder to something random, normally he will not be able to see the new folder the admincp is in
If everyone isn't doing this, then they should. It is a very simple and easy thing to do and can slow down the process of your board getting "h4x0r3d".
@Prodigy
Even if I renamed ACP folder in previous host, he managed to know the new name of it and he beaten htaccess too, but after I added Deny All IP except the admins IPs, this step stopped him from entering it.
So we dealing here with someone has experience and he was well aware of site flaws and security holes, it has noting to with "h4x0r3d".
When moved, my forum become more safer.
So it has nothing to do with securty setting by us too.
The lesson I learnt from that, is not go to someone sell hosting with very cheap prices and a lot of advantages for low fees.
Even if I renamed ACP folder in previous host, he managed to know the new name of it and he beaten htaccess too, but after I added Deny All IP except the admins IPs, this step stopped him from entering it.
So we dealing here with someone has experience and he was well aware of site flaws and security holes, it has noting to with "h4x0r3d".
When moved, my forum become more safer.
So it has nothing to do with securty setting by us too.
The lesson I learnt from that, is not go to someone sell hosting with very cheap prices and a lot of advantages for low fees.
All of that was because some was trying to hack the server, it seems the attacker managed to do it, and he just was playing with me.
I left it at once to another host and all of that gone and the server of old host fully crashed and old host emailed me about coming back the free extra time.
That taught me that not everybody give hosting with small fees is better, experience always needed to secure your hosting very well.
I left it at once to another host and all of that gone and the server of old host fully crashed and old host emailed me about coming back the free extra time.
That taught me that not everybody give hosting with small fees is better, experience always needed to secure your hosting very well.
well i m sorry i just read the prob in post 1 and not the solutions provided
Well dat guy can access ur SQL database and therefore he can do all dat u mentioned
u need to add a firewall to ur server
in short it is a SQL attack
** That uer must hav given u a file to upload on ur host and u must hav done it by mistake **
Well dat guy can access ur SQL database and therefore he can do all dat u mentioned
u need to add a firewall to ur server
in short it is a SQL attack
** That uer must hav given u a file to upload on ur host and u must hav done it by mistake **
- Status