Being HACKED -- Need to disable Uploads ASAP
djr33
05-19-2006, 05:03 PM
I've done what I can to stop them, but I want to turn on safemode and other things to stop any chance of them using my forum against me.
Please let me know what to do.
Sorry 'bout the short post... between classes...
stupid hackers...
more info later.
thanks.
cdwhalley.com
05-19-2006, 05:33 PM
Yeah, more info would be helpful, although I feel sorry for you - script kiddies are scum.
djr33
05-20-2006, 07:33 AM
Yeah, thanks, Twey.
Is there a way to disable uploads through PHP?
Basically... they hacked into the admin control panel and were using that to upload php pages. I'd like to disable uploads til I can work things out.
At this point, I found his IP address and have contacted the company (ISP). We'll see what happens.
Set file_uploads to Off in php.ini.
cybercoder
05-20-2006, 04:57 PM
Or you could use htaccess to deny post method from forms...like this:
<Limit POST>
order allow,deny
deny from all
</Limit>
Except that that would prevent any POST requests, which is not what djr33 wishes to accomplish.
cdwhalley.com
05-20-2006, 09:04 PM
But it would stop the hackers, and it's quite interesting, because I didn't know you could stop the POST method in a .htaccess.
You can. Also GET, PUT and TRACE. The latter two shouldn't be enabled by default, although TRACE often is. There are a couple of minor XSS vulnerabilities that can be caused with it in some situations.
djr33
05-20-2006, 09:24 PM
Thanks, guys. Will look into it.
This guy's annoying... deleted some threads now... seems to like threatening. He didn't delete them all, like he wants me to let him hack the server or he will.... weird.
I've got backups anyway. We'll see.
Not weird at all, it's typical script-kiddy behaviour. Tries to savour his victory and prolong it by causing you to leave the server open, but never realizes that in having to do so, he's already lost the challenge and there's really no point hanging around any longer.
djr33
05-20-2006, 11:10 PM
haha, true.
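
The two mitigations suggested in the thread, combined so that uploads are off server-wide while POST is blocked only for the admin control panel instead of the whole forum. This is an added example, not posted by any participant in the thread; the directory path and the IP address are placeholders, and the `php_admin_flag` line assumes PHP runs as an Apache module (mod_php).

```apache
# ---------------------------------------------------------------
# 1) Server config (httpd.conf or the site's <VirtualHost> block)
# ---------------------------------------------------------------
# Same effect as "file_uploads = Off" in php.ini.
# file_uploads is a PHP_INI_SYSTEM setting: it cannot be switched
# from .htaccess with php_flag, nor from a script with ini_set(),
# so it has to be set here or in php.ini, followed by a reload.
php_admin_flag file_uploads off

# ---------------------------------------------------------------
# 2) .htaccess placed ONLY in the admin control panel directory
#    (placeholder path: /forum/admincp/.htaccess)
# ---------------------------------------------------------------
# Requires "AllowOverride Limit" (or All) for this directory.
# Scoping the rule here keeps POST working for ordinary forum
# actions such as login and posting replies.
<Limit POST>
    # Deny is evaluated first, then Allow; the single allowed
    # address is the administrator's own (placeholder value).
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</Limit>

# Note: Order/Allow/Deny is the Apache 2.0/2.2 syntax used in the
# thread. On Apache 2.4 the equivalent inside <Limit POST> is:
#     Require ip 203.0.113.10
```

After reloading, a `phpinfo()` page should report `file_uploads` as Off in both the Local and Master columns.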