Forum hacked with sig script help
4 posters
Page 1 of 1
Forum hacked with sig script help
Hi guys,
Logged on this morning to my forum after users reported problems,
And sure enough, got this dam stupid hack, the last 3 new members had caused a hack were a " stupid nano cat" thing popped up.
I have done my best through admin panels, to remove and ban the users responsible.
However a weird anomaly has me worried, when I now go in to remove the now" guest" posts they made, it logs me out and asks for my password.
So can anyone give me some ideas, on " have I done the right thing to clean up" how do I make sure it's been sorted properly.
And how do I get rid of there guest posts now in the forum.
Thanks
Toz
EDIT
Ok guys,
update, and something i can't fix,
Right now, I have narrowed it down to 3 new members, which I found a load of sig stuff that made the stupid hack appear whenever you entered a post or thread they were in.
Now solution, I then banned each user, went into admin, removed the sig stuff in each one, and then banned/removed them.
BUT, and here is the problem, I now see only "guest" were they posted, so now I'm trying to remove them.
But , I can delete "some" of them, but on some of the threads, when you enter them, it asked for your password, which of course I don't want to do.
Members are reporting the same thing about logging in.
One more weird anomaly, in my admin panel I notice this....
(Forbidden user name ) (Username Guest is forbidden)
Which is stopping me deleting the rest of the "guest"posts.
my forum is at....
http://crankygamersuk.forumotion.net/
Guys, could do with a bit of help, first on how to get rid of these guest posts, and really need to know why its asking for folks to reenter there passwords.
cheers
Logged on this morning to my forum after users reported problems,
And sure enough, got this dam stupid hack, the last 3 new members had caused a hack were a " stupid nano cat" thing popped up.
I have done my best through admin panels, to remove and ban the users responsible.
However a weird anomaly has me worried, when I now go in to remove the now" guest" posts they made, it logs me out and asks for my password.
So can anyone give me some ideas, on " have I done the right thing to clean up" how do I make sure it's been sorted properly.
And how do I get rid of there guest posts now in the forum.
Thanks
Toz
EDIT
Ok guys,
update, and something i can't fix,
Right now, I have narrowed it down to 3 new members, which I found a load of sig stuff that made the stupid hack appear whenever you entered a post or thread they were in.
Now solution, I then banned each user, went into admin, removed the sig stuff in each one, and then banned/removed them.
BUT, and here is the problem, I now see only "guest" were they posted, so now I'm trying to remove them.
But , I can delete "some" of them, but on some of the threads, when you enter them, it asked for your password, which of course I don't want to do.
Members are reporting the same thing about logging in.
One more weird anomaly, in my admin panel I notice this....
(Forbidden user name ) (Username Guest is forbidden)
Which is stopping me deleting the rest of the "guest"posts.
my forum is at....
http://crankygamersuk.forumotion.net/
Guys, could do with a bit of help, first on how to get rid of these guest posts, and really need to know why its asking for folks to reenter there passwords.
cheers
tozol- Forumember
- Posts : 32
Reputation : 1
Language : english
Re: Forum hacked with sig script help
OK Update.
We got an email from the "supposed " hacker, actually telling us to just disable HTML, and told us to stop using formulation.
now, this did fix it.this allowed us back in to finally delete all the now "guest"
the massive worry for me, this last hacker actually got into admin, and only quick thinking by me stopped him and deleted him.
now the only way this was possible in my eyes, was what I said earlier, when clicking the posts, it looked like it logged us out, and then re-enter passwords, that is how this person then must have got in to be an admin.
Luckily I dont think the damage was big, I have now made sure that I have updated to a proper password.
The very big thing to note, when this so called "hack" was going on, I noticed at the last minute what looked like much tabbed windows upon windows, that was when I realized something was wrong.
I would really like an admin reply here, as to whats happened, and what can be down to stop it.
This is not good he got in to admin, if the HTML dissallow has fixed it then great, but folks need to be aware.
And before anyone says its someone who knows you, I'm the only admin on it, and have been since the start.
ONE final thing....
someone please at least answer me, how can we stop this HTML problem??, and ill tell you why.
OK disabling has stopped our problem, but , it has had a very big effect on my forum, example.
we have a podcast, with a player that is HTML generated, so there is one problem
another signatures, some have HTML.
What I"m getting at here, is , surely there must be a fix to get round this problem, as we need html, but clearly it's open to attacks like this.
Help??
We got an email from the "supposed " hacker, actually telling us to just disable HTML, and told us to stop using formulation.
now, this did fix it.this allowed us back in to finally delete all the now "guest"
the massive worry for me, this last hacker actually got into admin, and only quick thinking by me stopped him and deleted him.
now the only way this was possible in my eyes, was what I said earlier, when clicking the posts, it looked like it logged us out, and then re-enter passwords, that is how this person then must have got in to be an admin.
Luckily I dont think the damage was big, I have now made sure that I have updated to a proper password.
The very big thing to note, when this so called "hack" was going on, I noticed at the last minute what looked like much tabbed windows upon windows, that was when I realized something was wrong.
I would really like an admin reply here, as to whats happened, and what can be down to stop it.
This is not good he got in to admin, if the HTML dissallow has fixed it then great, but folks need to be aware.
And before anyone says its someone who knows you, I'm the only admin on it, and have been since the start.
ONE final thing....
someone please at least answer me, how can we stop this HTML problem??, and ill tell you why.
OK disabling has stopped our problem, but , it has had a very big effect on my forum, example.
we have a podcast, with a player that is HTML generated, so there is one problem
another signatures, some have HTML.
What I"m getting at here, is , surely there must be a fix to get round this problem, as we need html, but clearly it's open to attacks like this.
Help??
Last edited by tozol on July 12th 2011, 2:47 pm; edited 1 time in total
tozol- Forumember
- Posts : 32
Reputation : 1
Language : english
Re: Forum hacked with sig script help
Well you already know what happened.
A person who has no life, just posted a buggy code which caused the problem. The best is to disabling html on your forum, whenever this happens. Sometimes, disabling the bbcode is required too.
A person who has no life, just posted a buggy code which caused the problem. The best is to disabling html on your forum, whenever this happens. Sometimes, disabling the bbcode is required too.
Sanket- ForumGuru
- Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai
Re: Forum hacked with sig script help
Sanket wrote:Well you already know what happened.
A person who has no life, just posted a buggy code which caused the problem. The best is to disabling html on your forum, whenever this happens. Sometimes, disabling the bbcode is required too.
Thanks to the reply
But as you can see from my last edit, we need HTML for important things, how do we sort this out, or can we.?
tozol- Forumember
- Posts : 32
Reputation : 1
Language : english
Re: Forum hacked with sig script help
You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Forum hacked with sig script help
slg wrote:You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.
thanks for the reply, but not to sound stupid..why would I do that, so they can just come back and do it again.?
It would turn in to a running battle of never ending clean up.
tozol- Forumember
- Posts : 32
Reputation : 1
Language : english
Re: Forum hacked with sig script help
Well, considering a lot of sites are vulnerable to XSS or SQL or other variations of languages, then the only thing to do is to ban the IP of the user, if the person is untraceable then search around.tozol wrote:slg wrote:You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.
thanks for the reply, but not to sound stupid..why would I do that, so they can just come back and do it again.?
It would turn in to a running battle of never ending clean up.
Similar topics
» embed Script code in forum? (<script </script>)
» [JAVA script]How to set a countdown script to forum/portal?
» How to Add a PHP script to "the root of my forum script" ?
» forum script
» Script help and forum help
» [JAVA script]How to set a countdown script to forum/portal?
» How to Add a PHP script to "the root of my forum script" ?
» forum script
» Script help and forum help
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum