Anyone else getting hacked?

[spaceghost65]

I lost the faqdata faqcategoryrelations tables and I thought i was getting SQL Injected. Took a look at the admin log and saw an IP that was clearly not on our subnet executing delete commands to the entires as "admin" when I am the only admin. Upgraded phpmyfaq. Was able to restore the data table but not the relations table. Began going through by hand but the hacker was just waiting for me. Tried banning IPs, Deleted all the users.

I really liked phpmyfaq, any hints for prevention or has anyone had this happen?

edit *phpmyfaq

[Thorsten]

Hi,

which version did you used?

bye
Thorsten

[spaceghost65]

Hello,

It was definitely a 1.6 build not too far behind 1.6.12 which is what i am at now. I'm unsure of the exact one. :/

[Thorsten]

Hi,

all versions before 1.6.10 had a security hole...

bye
Thorsten

[spaceghost65]

what was it? is there any documentation? just for closure i guess.

[Thorsten]

Hi,

http://www.phpmyfaq.de/advisory_2007-02-18.php

bye
Thorsten

[Joeydood]

i'm on 1.6.6 and my categories are suddenly gone.

when i create a new category, it brings me to a 'page not found' when it attempts to navigate to the /faq/categorywhatever.html file.

need some help here!

p.s. you should move your forum over to vbulletin. it prevents crap like the porno posts from today from happening... just my .02 on that one.

[Joeydood]

actaully, i'll DEFINITELY SAY that there's a security problem with this version. i've got ip's from korea in my admin control panel. we're a US company with no employees in korea.

got a fix for it?

[Joeydood]

ok so i upgraded from 1.6.6 to 2.0.0.

how the heck do i get my content back?

[Joeydood]

can't log into the admin cpanel either, says user or password not valid.

anyone have any clue what to do here? i though an upgrade wouldn't destroy anything but my content is not hooking up nor are my users.

is there something else i have to???

[Thorsten]

Hi,

1.6.6 has security problems which were fixed in 1.6.10.

bye
Thorsten