Strange Code

This code..I found it on my javascript codes.Its not the first time.I found it Weeks ago 2-3 times on a new javascript page name:dont delete Now I found it in my javascript code.

Do you have an other admin who might have added it?

I have two other admins but they would never do this...and in Admin CP doesnt shows anything that have to do something with it.

You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

well i would not leave it on the scripts page if you dont know what it is or what it's supposed to be doing??

I am really sorry to saying this but 'Yes' Forummotion is hackable.
Do you remember my old post here-->https://help.forumotion.com/t97126-hack-on-forumotion-sites?? Well,that hacker can access my Site with my account and the rest Admins no matter,and we changed Passwords hundred times.He hacked my friend's Site lately--> http://ipclan.forumakers.com/

And that code dontdelete..he never stop adding it.

I'm going to contact Godfather about this. Please keep an eye out for this topic if possible.

Hackers can get your passwords or other information from your PC keyboard entries, if your PC gets infected with a 'Keylogger' I advise you scan your PC with Malewarebytes or other recommended spyware eliminator software.

Damn it...he keeps log in my account and add that code again.

Rideem3 wrote:Also, did you do what Dion said?

dion wrote:You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

Check to see who made the last adjustment to java management.

Why are you not giving us information on what dion has asked?

I'll only add, for now, that this isn't a forumotion problem. You would be having this same problem even if you had your own site running vBulletin.

DISTRACTION wrote:Damn it...he keeps log in my account and add that code again.

demote/ban him

shadowz au wrote:

DISTRACTION wrote:Damn it...he keeps log in my account and add that code again.

demote/ban him

Ha?? ban him he log in with my acc and the rest admins..and if you mean to ban his IP that wont work also because he simply change his IP when ever he want.

I still don't understand why you haven't followed Dion's instructions and reported back to us:

dion wrote:You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

OK, now that the code has been removed from the first post...

That script was sending your userID/password info to a third-party site. The accounts of every admin have been compromised. There is only one way to fix this, and only the founder (which I will assume is you) will be able to do it. Here's what you do:

Step ZERO: Unless you can contact them outside your board (email, text, voice, etc), do not alert your co-admins to what you are doing.

First, go to https://www.forumotion.com/en/utils and change the access password to something you have never used in the past. This is BY FAR your most important step, because it will keep your intruder from being able to undo what will happen next. If you cannot log in to the utilities (and I suspect this may be the case), send a PM to MrMario, and he will be able to reset the password for you.

At this point, log back into your board BUT DO NOT LOG OFF. It is critical that you remain logged in until you complete the rest of this task!!!!!

Once logged in, check the IP log on the ACP home page to see if anyone other than yourself is logged in with any of the admin accounts. If so, IP ban them. You can remove the IP ban once you complete the next two steps. Note: DO NOT IP BAN YOURSELF, but if you see more than one instance of your account logged in, IP ban the ones that are not you.

Now QUICKLY go to ACP>Users&Groups and remove all other admins from the administrator group. You will restore them later. This will keep your intruder from being able to use these accounts to access the ACP.

Now go back to the ACP homepage to see if your intruder has returned. If so, IP ban them AGAIN. Note: DO NOT IP BAN YOURSELF!

If not, QUICKLY go to your profile and change your board password to something you have never used in the past. At this point, as long as you remain logged in, your intruder no longer has access to your ACP. So now let's make it permanent.

Finally, go through your board THOROUGHLY and remove all scripts that you do not recognize. Check the javascript and HTML pages, the forum/portal widgets, the homepage message, the announcements, the site description, ranks, profile titles, forum titles and descriptions...EVERYWHERE. It is critical that you remove any trace of this rogue script.

Once you do this, remove the IP bans. You will now need to contact your co-admins and tell them what just happened. Also tell them that they must also reset their passwords to something they have never used in the past, and they will not regain admin access until they have confirmed that their passwords have been changed. DO NOT restore your co-admins to the administrator group until they have done this! If any one of them doesn't change their password, you are screwed, so this is important!!!

Your co-admins will be inconvenienced, but a short-term inconvenience is much better than what you have now.