View Full Version : Some Idiot Hacked My Site!
krysi
03-15-2005, 03:43 PM
How do I get rid of him/her? Do I have to just start all over again? Whatever they've done is probably something really simple and easy to fix, but I don't know much more than the basics when it comes to computers. Go here to see what was done: My Site (http://www.sciinfertilitysupport.com/phpbb) Any suggestions on what to do would be great.
Thanks,
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
dzskatgillespie
03-15-2005, 03:57 PM
This is terrible. I'm sorry this happened to you. This usually happens to websites that the hackers assume or know are big companies. I'll try to find out what we have done in the past when it happened to us at our company and let you know (it's happened to us twice that I know of). But in the meantime, contact your website hosting company and ask them to put your site back up. They will also be very interested to know that this happened, considering they technically hacked their network. They may help you figure out who did it, and probably follow up with a legal, threatening-sounding letter to them.
Good luck
teyrn
03-15-2005, 06:23 PM
Odds are it happened to the webhost and not your site specifically. This has happened to my site and the website of the IRC network I'm on. Not much you can do but contact the host and wait for them to fix it.
Lewis
03-15-2005, 06:54 PM
Make sure your message board is up-to-date. It is localized to an exploit in PHPBB.
-Lewis
krysi
03-15-2005, 07:25 PM
Thanks, I have contacted my webhost and I'm just waiting for them to reply. Hopefully they can fix it for me, I never even considered that they might do that for me.
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
Scott Pruett
03-15-2005, 08:56 PM
Looks like the problem is just a meta-based redirect. Go into the index.php file in your /phpbb folder & check the tags in the header. There's likely one tag that has the address http://hostingyourwebs.net/host/bu/ in it... just delete that (the tag, not the file) to at least get your board back up.
krysi
03-15-2005, 10:11 PM
Thanks Scott, I checked that file and all other likely files I could think of and found nothing like that. I figured it was something simple like that. Is there anywhere else they might have hidden the redirect code?
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
Scott Pruett
03-15-2005, 10:37 PM
dunno Krystal, when I click your forum link I see the phpbb system for less than a second before it redirects. I have a phpbb forum running on my business site & I can't think of any other way a redirect could occur w/o being embedded into index.php somewhere.
edit: looks like you tried a reinstall or an update. let us know what happens...
krysi
03-15-2005, 11:43 PM
Scott,
I updated to the latest version of phpbb, but still I get redirected when I go to the site. I've been through almost every file looking for a link that points to their site but I can't find anything! Boy is this ever frustrating. Thanks for the help, I'll let you know if I make any progress.
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
mattblan
03-16-2005, 06:13 PM
I agree with Lewis. They probably used this (http://www.packetstormsecurity.nl/0503-exploits/phpbbsession.c) to gain Administrator privileges.
imnomis
03-16-2005, 06:58 PM
I don't remember who did it, but two years ago someone hacked our club Web site. They put a message on the home page saying who they were and that they had hacked the site.
I contacted the owner of the company that hosts our Web site at his home on the weekend and got him involved. Within a couple of days they got our site back up and got rid of the hacker. It drove me nuts until they fixed it though.
I believe it turned out that the hacker had taken over a section of our Web host's server and got at more sites than ours. They put in some additional safeguards and it hasn't happened again.
I'd like to know why some people seem to get their jollies from wreaking havoc on others. Good luck at getting everything back in order.
mrsnomis
krysi
03-16-2005, 07:10 PM
Hey Scott, I found where he hid the redirect code. I found this ...META http-equiv=refresh content=0;URL=http://hostingyourwebs.net/host/bu.... in one of the forum descriptions. I'm letting my host take care of fixing the security problems. Thanks for the help guys.
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
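The redirect in this thread was stored in a forum description, which lives in the database, so searching the board's files could not find it. As an added example (not part of the original thread), this is one way to scan exported text fields for meta-refresh tags; the row layout, column names and sample URLs are constructed for illustration.

```python
import html
import re

# Whole <meta ...> tag, any case, attribute values quoted or unquoted.
META_TAG = re.compile(r"<\s*meta\b[^>]*>", re.IGNORECASE)
IS_REFRESH = re.compile(r"http-equiv\s*=\s*[\"']?\s*refresh\b", re.IGNORECASE)
REFRESH_URL = re.compile(r"url\s*=\s*[\"']?\s*([^\"'>\s]+)", re.IGNORECASE)


def find_meta_refresh(text):
    """Return the redirect target of every meta-refresh tag in one text field."""
    # Decode entities first so a tag stored as &lt;meta ...&gt; is caught too.
    decoded = html.unescape(text or "")
    targets = []
    for tag in META_TAG.findall(decoded):
        if IS_REFRESH.search(tag):
            m = REFRESH_URL.search(tag)
            targets.append(m.group(1) if m else "(no URL: reloads same page)")
    return targets


def scan_rows(table, rows, text_columns):
    """Check the named columns of each row; return (table, id, column, target)."""
    hits = []
    for row in rows:
        for col in text_columns:
            for target in find_meta_refresh(row.get(col)):
                hits.append((table, row["id"], col, target))
    return hits


# Constructed sample rows standing in for a database export (not real data).
SAMPLE_FORUMS = [
    {"id": 1, "name": "Welcome", "desc": "Introduce yourself here."},
    {"id": 2, "name": "Support",
     "desc": "Questions <META http-equiv=refresh "
             "content=0;URL=http://redirect.example.invalid/x/> and answers"},
    {"id": 3, "name": "Off topic",
     "desc": '&lt;meta HTTP-EQUIV="Refresh" '
             'content="5; url=http://redirect.example.invalid/y"&gt;'},
    {"id": 4, "name": "News", "desc": "<meta name=description content=news>"},
]

if __name__ == "__main__":
    for hit in scan_rows("forums", SAMPLE_FORUMS, ["name", "desc"]):
        print("%s id=%s column=%s -> %s" % hit)
```

Any field that the board prints into a page without escaping (names, descriptions, signatures, announcements) is worth passing through the same check.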
Lewis
03-17-2005, 06:35 AM
Originally posted by krystalpineo:
Hey Scott, I found where he hid the redirect code. I found this ...META http-equiv=refresh content=0;URL=http://hostingyourwebs.net/host/bu.... in one of the forum descriptions. I'm letting my host take care of fixing the security problems. Thanks for the help guys.
Krystal
http://www.sciinfertilitysupport.com
Nice detective work!
-Lewis
dzskatgillespie
03-17-2005, 10:04 AM
krystalpineo,
A friend of mine at work looked at your site and sent me an email today saying this:
Your friend's phpbb forum is still unsafe. The remote host is running SquirrelMail, a webmail system written in PHP. Any attacker can exploit this flaw to gain access to the user's accounts, thus do whatever they want. Versions of SquirrelMail prior to 1.4.4 are vulnerable to an email HTML injection vulnerability. You may suggest your friend / her ISP to upgrade the newest version of the software.
Rule of thumb, upgrade phpbb to the newest stable version.
More security issues could be found at http://www.securityfocus.com/.
I know you fixed it temporarily, but considering my friend's expertise I'd look into his advice if I were you.
Dzskat
krysi
03-17-2005, 10:59 AM
Thanks dzskat,
I'm trying to convince my host to upgrade squirrelmail to the latest version. I'm not sure if they will or not. I'm actually considering switching to a different host, as these guys are driving me nuts.
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
Scott Pruett
03-18-2005, 10:06 AM
great to hear Krystal; hopefully you'll get everything sorted out w/o any more problems. If you need suggestions for another hosting company, let me know...
krysi
03-18-2005, 11:25 AM
Scott, I'd love suggestions. You can post them here or e-mail me krystalpineo@eastlink.ca
Krystal
www.sciinfertilitysupport.com (http://www.sciinfertilitysupport.com)
Scott Pruett
03-18-2005, 12:39 PM
Can't say I know anything about Canaca, but here are the ones I've had experience with or know people who have:
www.ipower.com (http://www.ipower.com) - I have 3 sites personally hosted with these guys, and have referred a few folks to them. In 2+ years I've never had any reason to contact support, and they've been good.
www.web.com (http://www.web.com) - this is who Susan has sciwalker.com hosted through. They're okay, and seem to be a decent sized company. Occasionally they have to reset a database for us & it's a pain in the butt. Support is okay via phone; they're not good about responding to every email or support ticket.
www.1and1.com (http://www.1and1.com) - I haven't used them but a guy I know has a dedicated server w/ them for a business. His site generates six figures of income for him personally.
www.dreamhost.com (http://www.dreamhost.com) - two friends of mine really like these guys, one of whom is a self-proclaimed geek. Dreamhost seems to offer pretty decent packages. No personal experience w/ them though.
www.interland.net (http://www.interland.net) - the guy that switched to 1and1 used these guys for several years.
www.4dwebhosting.com (http://www.4dwebhosting.com) - not recommended, poor service & support. The guy who switched to 1and1 got burnt by them.
Don't consider a host that doesn't have a phone number available.
jonimueller
03-24-2005, 01:19 AM
Krystal, if you are looking for reliable web hosting, try either of these:
TextDrive (http://www.textdrive.com), no cPanel, but TextDrive is run by true geeks. One of its owners, Dean Allen, is the developer of Textism (an alternative markup language) and the CMS TextPattern. My main site, www.jonimueller.com (http://www.jonimueller.com), is hosted there. Their tech support is unsurpassed.
AffordableHOST (http://www.affordablehost.com). They have many packages to suit any budget, all accounts are cPanel accounts. Tina Peters, the owner, has been running AH since 1997 with minimum downtime. Security is top priority there as well. I have several sites there as I have a webhosting/reseller account with them.
Good luck.
Life is a shit sandwich. Eat it or starve.