Vanilla Forum Hacked
Well, my Vanilla forum has been hacked, and i come here for some suggestions. Pretty much all of the threads on my forum has been closed, and the title has been modified to state perverted content. Needless to say i swiftly I took my site offline.
Contacted my web host. They have provided me with a backup of my database (not sure how recent it is), and they also said they did a check on my site and found no viruses on it.
After getting that info i assumed that someone must of hacked into my admin account using a brute force script since all of my threads titles were closed. However, upon logging in my password details were the same. If they did hack my admin account then i will assume they would also locked me out. Also, it appears like a new user was made that is locking all of my threads. The user has the permission of a member.
I realize i can delete my forum and import the details of my database, but the thing is i dont know wtf caused my forum to get hacked. If i dont know then what stops them from doing this again or exploiting some other loopholes.
I know that its extremely hard to assist me in this situation but any thoughts would be appreciated. I did have plugins customized designed for my forum, so that could be a vulnerability but right now i have no idea. I can only assume is some type of sql injection exploit as i do allow users to upload files.
Comments
Sorry to hear that your forum got hacked. Unfortunately, this risk is always around the corner. As next step, I agree that you should take a clean backup and start from there, bringing back the forum.
Answering the question of how the forum was hacked might be more difficult:
Suggestions to secure the forum
The above is not intended as a comprehensive guide, but I think it will be useful to get started.
My shop | About Me
These are solid suggestions, thanks for that. I'll be more than happy to upload the custom plugins to the site to share, but i dont want potential users installing them if there is a potential vulnerability in them. Is there a place that coders can review code here?
Yes theres a developers area, contact @underdog for info
There was an error rendering this rich post.
I've been in a situation like this few times and it seems that the bad guy put some shell script on my site disguised as an image file.
So, I suggest that you scan your sites for suspicious files.
You should look at your apache log as well as your FTP daemon log
i would recommend cloudflare for his bruteforce jerks