Index.php file (was hacked)

[MSF]

Okay,

Hopefully this is the right place.  I am searching for help with how my index.php file was hacked (h4x0r3d by BadgeR).

The only PHP I am running is some IPBSDK addon that works with by Invision PowerBoard.  There is nothing else too it.  :'(

I have done web searches for PHP security issues and double checked my code accordingly.  Nothing, YET!


Does anyone have any feedback on why/how/etc. PHP files get hacked like this?

Thank you kindly

[Daniel0]

Could you provide us with a link and source codes?

[MSF]

It was my Guild's website (WOW Guild).

www.blackfangbrotherhood.org

Do you want to just see the PHP stuff?  Or?

[onlyican]

Dont use Invision Board
I typed that in google once,
and before the Invision Board Home Page was a how to hack Invision Board

[MSF]

[quote author=onlyican link=topic=106954.msg428569#msg428569 date=1157476521]
Dont use Invision Board
I typed that in google once,
and before the Invision Board Home Page was a how to hack Invision Board
[/quote]

The hack wasn't to the Board itself.  It was to the Index.php file of the Main page of the website.

[Jocka]

More than likely he didn't use ur PHP page at all. He probably just found a way through your FTP server and uploaded some crappy "Haxored" stuff to your site to mess with you. If that's all he did, then he probably knows you. I'd change all my SERVER (ftp, site, etc) passwords immediatly.

What was the addon? I suppose you just have 1 addon? If so, what is that add-on. It may have a security issue or this "hacker" may have found an issue with it that he exploited.

[onlyican]

Also make sure you dont have any folder set to CHMOD 0777