I recently had 2 of my VB sites hacked
I done all the security checks (How To Make My Forums More Secure), and working in the industry full time (as a designer not a developer) all my sites are very secure
So basicly I had a parse error on the index of my sites and on my forums, so I commented out the following line in my global.php where the error was pointing to:
eval('$spacer_open = "' . fetch_template('spacer_open') . '";');
eval('$spacer_close = "' . fetch_template('spacer_close') . '";');
and I get the following at the top of the site:
ViRuSMaN Ow3nd Your SiTe ..
v.-m@hotmail.com
Immediatley I have taken the sites down, but it baffles me how he got in as I looked within the databases and done a search for the above and it is only located in the template table (on both custom and default templates).
So my question is would this be a server problem (ie. with the host bad security)? Or is there something I am overlooking here? As I have all the upto date patches admin/mod cp are secure, I am the only Superadmin on the board and password is pretty tight (changed every month). I do want to restore the database because I have alot of posts and alot of members so any advice anyone can give would be more than greatfull?
Btw. I did try on vB support but they said its either me not securing it prop or the host.. but knowing how they got in the first place would realy strenghten my argument with the host..
And also on 1 of the sites there is no mods installed!
Thanks in advance
Linear Mode
