php website hacked - advice needed

mr c · 02-07-2011 10:31pm #1

Hi a friend of mine runs a forum and it has been hacked
he wants to try and get it repaired and determine who done it
can anybody on here tell me
1. where can he get someone who really knows there stuff to fix it at a affordable price and
2 . can the person who did it be determined

any help at all would be greatly appreciated

i hope i have posted this in the right place

Thanks

partyatmygaff · 02-07-2011 10:37pm

Was it a phpBB forum or something that was hacked? How bad was the attack in terms of damage? As for determining the person who carried out the attack, that depends on how skilled the person who orchestrated the attack is in cloaking their identity.

mr c · 02-07-2011 11:05pm

sorry im not really sure
it is a forum using
simple machines smf
i dont really know anything about this kind off stuff

ocallagh · 03-07-2011 9:48am

First thing I would do is contact your hosting company. A lot of the time they will sort this out for you by restoring a previous backup of the file system and also the database.

If they can't help out you'll need a web developer with experience in PHP/MySql and preferably forums/SMF to fix it. Two things they'll need to do:

Wipe file system and fresh install of SMF
Check if the database was compromised (probably was). If so, you'll need to restore a previous backup.

Once you have your system back up and running you'll need to reset all your passwords and will definitely need to hire a developer/sysadmin with experience in security to find out how the hacker got in and make sure it doesn't happen again.

To find out who orchestrated the attack will more than likely be an expensive & fruitless exercise.

You should contact all members and let them know their passwords may be compromised.

mr c · 03-07-2011 4:00pm

thanks for the advice i will tell my friend
cheers

amen · 03-07-2011 7:12pm

You should contact all members and let them know their passwords may be compromised.

and of course you are registered with the data protection commissioner and will be informing them of the breach

partyatmygaff · 03-07-2011 7:18pm

amen wrote: »

and of course you are registered with the data protection commissioner and will be informing them of the breach

Not-for-profit organisations are not obliged to register with the data protection commissioner.

dlofnep · 03-07-2011 7:22pm

Firstly - You can minmise these problems by making sure that the forum software is always up to date. If you even miss an update by 1 day, you are at risk of being compromised. It is the responsibility of whoever runs the forum to make sure it's up to date.

As for tracking down who did it - it's possible, if they did not use a proxy. Chances are there was some form of SQL Injection involved - So what I would do if I was the admin is browse over the access_logs of the forum and start grepping for typical SQL injection strings such as "union select".

If you don't understand SQL Injection, then don't bother. You need to understand how the attack works before you understand who's responsible.

amen · 04-07-2011 2:53pm

Not-for-profit organisations are

since when ?

read http://www.dataprotection.ie/ViewDoc.asp?fn=/documents/responsibilities/3bi.htm&CatID=53&m=y

php website hacked - advice needed

Comments