I am sorry for that Mole. If you trust me more than Satis, I could suggest you some phpBB protections which I made and use.

But, holy damn turkish hackers. Your page has the code which is pretty malicious for phpBB. I posted it in here on CK between the [ c o d e ] and [/ c o d e] and I got this topic defaced. Try to refresh your template first. And then we will search for the cure.

Dunno about phpmyadmin. Never used.

I noticed that too, about posting it in the code tags, it made this page die, so I uploaded it as a text file for grabbing.

I've managed to get in to the admin pannel on my forums, but if I click in the management tab for the forum, I get the same page up. I can still access some things.

I've secured my account, there are no rogue admins/mods, and my password and my users passwords are safe.

What do you want me to send to you? Because I don't know how deep this infection goes, and I don't know exactly where it has manifested it's self either. I assumed it was the index page, untill I got in to the admin pannel and found it there too.

How do you mean, refresh my template?

Thanks for your understanding.


EDIT:

Researched in to it.

Basically, they had created new forum and put it inside a giant Iframe, with their logo in it. Googled that, fount something called toolkit, which removes any Iframe, javascript tags etc.

This then allowed me to reaccess my management pannel.

Which then allowed me to delete their forum.

Take that you bastards!

Now, On to not allowing people to access phpmyadmin

You are welcome.

Template -- renew all the files in e.g. /template/subSilver/. And then see if the thing happens with subSilver template. If it does, the template is likely no problem.

What source... all *.php files except config.php with templates. I think you do not expose your forum by posting that to one single person but your is to judge if I missed something. Don't post in public, use link in pm.

But try the thing with the template first. Got a messenger?

personally I'd recommend removing all files from PHPbb and reloading from scratch. There's no telling where changes might have been made. You can pm me your phpmyadmin address and I'll see if I can get in.

btw, you might as well assume all your usernames and passwords have been compromised. After you reinstall your forum (not before!) you should probably change all your passwords, including your MySQL one.

*edit* And back everything up before deleting anything */edit*

Yes, that is definetely the best solution to be sure that everything is clear. I am just sick hunter on these malevolent bastards, who wish to break new toy before dropping it on garbbage.

I see your forum is going well again. If you have idea how they did hack you (Apache log would be extremly useful) let us prevent the similar attacks.

Thanks for all the help guys I'm moving the forum in a few weeks anyway, so I'll be doing a clean install anyway. But I managed to sort everything out, I've .htaccessed myphpadmin and updated everything else.

Again, thanks!

I don't know why you are moving it, but i hope it is not because of this turkish pussies.

No, it's because my host is a ripoff.