If your system keeps getting hacked into, there has likely been a rootkit or backdoor installed by the intruder. If not, they are using whatever vulnerability they used to get in the first time over and over again. Blow-away your server and restore from a known good backup, then patch against any vulnerabilities. Look here for help: http://www.cert.org/tech_tips/ ro...compromise.html

Cheers,

Steve
Steve | 12.03.04 - 9:21 pm | #

Yes, we found a php file manager utility in the root, with an old date touched to it. Hope that was it.
Steve Spence | Homepage | 12.03.04 - 9:56 pm | #

Oy. Yeah..I've been through something like this too. I had to rip down the whole machine, format the drive, rebuild, and then put up every single page again, one at a time, examining any scripts for weaknesses.

BTW - I've found vBulletin a little less hacker friendly than PHPBB in my experience. But, it's $160 or something like that. Ouch.

Heheh...In other news, I was a cheapskate and tried to bid on one of the Detroit Diesels at AffordablePower. Can Mike email me? I used to be a telemarketer, and since that experience, I now hate using the phone. Weird, I know... I'll get up the gumption to call him today, though.

-Dee
Dee Dreslough | Homepage | 12.06.04 - 9:44 am | #

phpBB has several recent published vulnerabilities because of the (unserialize) function.

Upgrade to a newer version of phpBB. If you're really clever, reverse-proxy your httpd and filter allowed directives.

I'll help you with this if you want .. I 've been an information security consultant for several years.
Mike | 02.05.05 - 8:10 pm | #

Already applied patch, thanks. Can't upgrade at moment because a few plugins don't work with new version.
Steve Spence | Homepage | 02.07.05 - 10:29 am | #