Saurav
Thu 29th May '08, 4:37am
Hello,
Earlier today, a hacker managed to hack a Administrator on my forum www.RapidLinks.co.uk (http://www.rapidlinks.co.uk/)
He claims it was via SQL Injection due to a security exploit in the ibProArcade Modification. (He claims to be a friendly hacker who wanted to show me an exploit)
He managed to get the hash'es and salt codes for a Administrator, and managed to decrypt the password as it was a very simple password.
He gained access to admincp for around 30 mins and edited plugins, faq.php, usercp.php (Accoring to Control Panel Logs).
I deleted the Plugin he created but I was wondering if there is a way to check if any damage was done such as adding a backdoor?
I know very little about PHP and MYSQL, therefore I am asking here.
Help would be greatly appreciated.
Regards,
Saurav
Earlier today, a hacker managed to hack a Administrator on my forum www.RapidLinks.co.uk (http://www.rapidlinks.co.uk/)
He claims it was via SQL Injection due to a security exploit in the ibProArcade Modification. (He claims to be a friendly hacker who wanted to show me an exploit)
He managed to get the hash'es and salt codes for a Administrator, and managed to decrypt the password as it was a very simple password.
He gained access to admincp for around 30 mins and edited plugins, faq.php, usercp.php (Accoring to Control Panel Logs).
I deleted the Plugin he created but I was wondering if there is a way to check if any damage was done such as adding a backdoor?
I know very little about PHP and MYSQL, therefore I am asking here.
Help would be greatly appreciated.
Regards,
Saurav