What the heck with my profile?

[Jessica]

I've been gone on and off a while, and I happened to look at my profile today. Instead of being a link to my site, it linked to http://www.darkmindz.com/

I changed my password, but the email address was still the same and no posts had been made under the account. I don't think someone has access to my account.

 

What the heck?

[fenway]

wb... you may want to read though this thread first... no cause for alarm (anymore).

 

edit by redbullmarky: link fixed

[GameYin]

I can't go to the link. DarkMindZ hacked us basically because of an SQL injection. We are ok now.

[Jessica]

Sorry for not searching

[revraz]

Change your SIG URL too, our sigs URL were replaced with the same link.

[GameYin]

Jesirose has the problem. I hovered and saw it goes to DarkMindZ. Haven't checked mine but will after I post this message....

[Jessica]

Uhm...so someone PMed me to tell me to check my profile, and I was pretty sure I had changed it - but I went in to do it again and actually it's back. When I did change it I added two more sites to my sig, my consulting site and my blog - and the darkmindz urls are back again. So looks like the problem still exists. Also they changed the title of the site to Web Hacking instead of my title.

[revraz]

And I just checked my Profile, same thing here too.  And it wasn't there after the first hack, so someone did something again.

[Jessica]

My husband suggested someone might have access to the DB and just be running an SQL query. I'm sure you have, but have you changed the passwords and usernames for the db? There might be a backdoor in the code, the version is like a year old.

 

*shrug*

[ober]

version of what?  the version of SMF is not that old and the main site code is removed.  Not a bad idea on changing the db connection info, however.  I'll talk to Eric about it.

[fenway]

Where's the query log? Should be easy to find some of the pertinent update statements with string literals?