I dont know how but my board was hacked by some site by the name Spyhackerz.com .
I use SMF as my board and the main settings file Settings.php was hacked.
This file had the password of my DB and i dont know whether they have it or not.

They changed its content to the following:



Well do you guys know of this.Do those guys have my password now.
I changed back my file and my Board is working now.

Please help as this is a very very serious matter

Holy crap! Trap Seventeen security was breached. I think they would have used an FTP server exploit or anything else, which means ALL users security is compromised.

Backup your files in your computer EVERYONE.

*Calling BH or OQ*

*wait*
You might want to check at the SMF Support Site for clarification about whether this is a problem throughout the SMF Community or solely for your site.
Don't start making any assumptions about the Security here at the Trap17 Forums or on other Xisto Sites.
There is no reason to believe this is a Trap17 account holder problem until further information is obtained.

To begin with, alter your cpanel password immediately.

Well i have asked the SMF guys lets see.

Well, yeah, the mod is right (sorry, I can't even pronounce your name, too confusing. ).

I usually enter nervous stats and it ends on this, saying that I don't trust certain security or etc. Anyways, nobody knows if something is 100% secure.

I think that Trap servers are 98% secure. So yeah, change your cpanel pass.

I will be trying to report this to the feds unless it was framing, etc.

But getting with police is actually no good, so unless this gets on high critical status, I should keep my mouse shut.

Simply, an easy password could be the issue. Sometimes "hackers" are nothing more then "lucky guessers". Make sure your password contains is hard to guess.

Something like "j42dks;;;" would work very nicely infact. (DON'T USE IT). Somelike "coolio" is to easy.

Backup all your files, you should do this everytime you change a setting anyways.

Most likely what happened is that they put code into one of your db search fields and or logins and depending on the code they used, it can allow them to pull data from your setting files and or from your database giving them access to it. I used to have a phpnuke site and after being hacked, i read a ton of articles on how to secure it. However, it just cant be done since with every new version of software there are new flaws that are created. I would make sure you update your forum to the newest version since the security vulnerabilites will be the least likley known and always update to the new version no matter what anyone tells you. Also, make sure it is hard to identify exactly what type of forum you are using since it will make it harder hack. Finally, change all your passwords just in the case they found them because they will be back if they do.

If your account was compromised, there wouldn't be any left of your files and database... right? Think before you assume.

Which version of SMF were you using? And did you follow all SMF standard setting instruction, such as CHMOD?



So have you upgraded to 1.1 RC3?

You also may have left the install file in, CHMODDed a file where it wasnt neccesary. All of those things can compromise security.