The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Forum hacked with sig script help

View previous topic View next topic Go down

Forum hacked with sig script help

Post by tozol on July 12th 2011, 10:03 am

Hi guys,

Logged on this morning to my forum after users reported problems,
And sure enough, got this dam stupid hack, the last 3 new members had caused a hack were a " stupid nano cat" thing popped up.

I have done my best through admin panels, to remove and ban the users responsible.

However a weird anomaly has me worried, when I now go in to remove the now" guest" posts they made, it logs me out and asks for my password.

So can anyone give me some ideas, on " have I done the right thing to clean up" how do I make sure it's been sorted properly.
And how do I get rid of there guest posts now in the forum.

Thanks

Toz


EDIT

Ok guys,
update, and something i can't fix,

Right now, I have narrowed it down to 3 new members, which I found a load of sig stuff that made the stupid hack appear whenever you entered a post or thread they were in.

Now solution, I then banned each user, went into admin, removed the sig stuff in each one, and then banned/removed them.
BUT, and here is the problem, I now see only "guest" were they posted, so now I'm trying to remove them.
But , I can delete "some" of them, but on some of the threads, when you enter them, it asked for your password, which of course I don't want to do.

Members are reporting the same thing about logging in.

One more weird anomaly, in my admin panel I notice this....
(Forbidden user name ) (Username Guest is forbidden)

Which is stopping me deleting the rest of the "guest"posts.

my forum is at....
http://crankygamersuk.forumotion.net/

Guys, could do with a bit of help, first on how to get rid of these guest posts, and really need to know why its asking for folks to reenter there passwords.

cheers

tozol
Forumember

Male Posts : 32
Reputation : 1
Language : english

Back to top Go down

Re: Forum hacked with sig script help

Post by tozol on July 12th 2011, 12:04 pm

OK Update.

We got an email from the "supposed " hacker, actually telling us to just disable HTML, and told us to stop using formulation.

now, this did fix it.this allowed us back in to finally delete all the now "guest"

the massive worry for me, this last hacker actually got into admin, and only quick thinking by me stopped him and deleted him.

now the only way this was possible in my eyes, was what I said earlier, when clicking the posts, it looked like it logged us out, and then re-enter passwords, that is how this person then must have got in to be an admin.

Luckily I dont think the damage was big, I have now made sure that I have updated to a proper password.

The very big thing to note, when this so called "hack" was going on, I noticed at the last minute what looked like much tabbed windows upon windows, that was when I realized something was wrong.

I would really like an admin reply here, as to whats happened, and what can be down to stop it.
This is not good he got in to admin, if the HTML dissallow has fixed it then great, but folks need to be aware.

And before anyone says its someone who knows you, I'm the only admin on it, and have been since the start.


ONE final thing....

someone please at least answer me, how can we stop this HTML problem??, and ill tell you why.

OK disabling has stopped our problem, but , it has had a very big effect on my forum, example.
we have a podcast, with a player that is HTML generated, so there is one problem
another signatures, some have HTML.

What I"m getting at here, is , surely there must be a fix to get round this problem, as we need html, but clearly it's open to attacks like this.

Help??



Last edited by tozol on July 12th 2011, 2:47 pm; edited 1 time in total

tozol
Forumember

Male Posts : 32
Reputation : 1
Language : english

Back to top Go down

Re: Forum hacked with sig script help

Post by Sanket on July 12th 2011, 2:35 pm

Well you already know what happened.

A person who has no life, just posted a buggy code which caused the problem. The best is to disabling html on your forum, whenever this happens. Sometimes, disabling the bbcode is required too.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Re: Forum hacked with sig script help

Post by tozol on July 12th 2011, 2:48 pm

@Sanket wrote:Well you already know what happened.

A person who has no life, just posted a buggy code which caused the problem. The best is to disabling html on your forum, whenever this happens. Sometimes, disabling the bbcode is required too.

Thanks to the reply
But as you can see from my last edit, we need HTML for important things, how do we sort this out, or can we.?

tozol
Forumember

Male Posts : 32
Reputation : 1
Language : english

Back to top Go down

Re: Forum hacked with sig script help

Post by SLGray on July 13th 2011, 12:30 am

You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.


SLGray
Administrator
Administrator

Male Posts : 35672
Reputation : 2375
Language : English
Location : United States

http://fmthemes.forumotion.com/

Back to top Go down

Re: Forum hacked with sig script help

Post by tozol on July 13th 2011, 12:33 am

slg wrote:You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.

thanks for the reply, but not to sound stupid..why would I do that, so they can just come back and do it again.?
It would turn in to a running battle of never ending clean up.

tozol
Forumember

Male Posts : 32
Reputation : 1
Language : english

Back to top Go down

Re: Forum hacked with sig script help

Post by sign da tits on July 13th 2011, 12:44 am

@tozol wrote:
slg wrote:You turn html amd bb codes off to remove the problem. When you removed all of the problem, you turn the codes back on.

thanks for the reply, but not to sound stupid..why would I do that, so they can just come back and do it again.?
It would turn in to a running battle of never ending clean up.
Well, considering a lot of sites are vulnerable to XSS or SQL or other variations of languages, then the only thing to do is to ban the IP of the user, if the person is untraceable then search around.

sign da tits
Forumember

Male Posts : 236
Reputation : 30
Language : British English, AutoIt
Location : England!

http://www.devforumz.com/

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum