Hacker Accessed my CPanel!

[girls4christ]

A hacker just got into my SQL databases and emailed all of my users with a scamming message.  Has anyone else had this problem?

[AlphaWolf]

While a hacker MAY have accessed your cpanel, it is more likely that you are using some application that alllows them to look at users and send spam - like showing users email addresses in a message board.

If they hacked your cpanel they would probably have wiped out your entire site when they were done spamming.

Change your Cpanel password IMMEDIATELY to a random combination of numbers and letters - DO NOT base it on any dictionary words, your domain name, your user name, your real name, etc.

Change any applications where users are registering to NOT show anyone except admins their email address.

Peace

Wolf

[girls4christ]

To my knowledge, scammers don't want to take the time to ruin sites, they just want to earn money.  This scammer somehow hacked into my SMF.

[AlphaWolf]

To my knowledge, scammers don't want to take the time to ruin sites, they just want to earn money.  This scammer somehow hacked into my SMF.

Are you current on the SMF version?  Check http://www.simplemachines.org and make sure you are running the lastest and most secure version.  As far as we know, the only way they could spam your users is not via hacking, but by you defaulting to allow users to see other users email addresses.  Though there could be something new since we updated 4 weeks ago.

Actually most hackers try to bring down entire servers if they can.  Spammers are not usually sophisticated enough to hack.

But make sure you change your Cpanel password and SMF settings AND password anyway.

Peace

Wolf

[AlphaWolf]

Actually whoever it was did not use our server to send out these emails or hack you in any way.

Your domain shows only 5 outgoing emails in the last 10 days via POP and none via PHP

[girls4christ]

Ok thanks for your help, I will let you know if it happens again.

[Brad]

What makes you think that you have been hacked?

Brad

[girls4christ]

Because all of my forum members got a email asking for their bank account numbers, and I have all of their email addresses!

[AlphaWolf]

Ah, well it is possible that an email scan was run on your member list in SMF if you have email addresses visible.

If you don't, then I would say either it was a coincidence - these type emails are rampant, or run a virus scan on your home PC.

peace

Wolf

[girls4christ]

Users can choose to have their email addresses visible, but this scammer sent an email to everyone, which can only be done via my admin. account or by hacking in my SQL databases or PHP process on the forum.  The email addresses are not stored on my PC.

[AlphaWolf]

If you were hacked the hacker never used the server to send the emails.  Usually that is the way its done since most times it is a bot.

[girls4christ]

I said earlier that the hacker used my SMF to send the emails- that is the only place that they all are.

[AlphaWolf]

I said earlier that the hacker used my SMF to send the emails- that is the only place that they all are.

SMF was not used to send out any emails.  As I said before, there were no large amounts of emails sent out via your account during that time period.  If someone hacked your SMF they could have easily done a mass mail to everyone.  But that was not done.  Had it been done the server would have shown a brief period of high mail activity for your domain.  Since it did not, SMF was not used to send mail.

[girls4christ]

Then what are other ways a scammer could send every single member of my form an e-mail?

[TJ]

Many ways that have nothing to do with you or your forum.  I bet if we polled the members here at least half of them have gotten the bank of america phishing email sometime within the past 24-48 hours.  Along with half the rest of the world.  Phishers aren't hackers. they phish for bank/creditcard/paypal information and use spammer lists to send them out to thousands of people.

[girls4christ]

That is a possibility, but the thing is this list was only available via my administration account, and every girl on the forum got it.  None of them have paypal or anything like that, they are just 10-17 year old girls.

[AlphaWolf]

Them having or not having a bank account at a particular bank, or a paypal account, or ebay account doesnt matter.  I regularly get paypal and ebay 'must confirm account info' phishing emails to email accounts not associated with any account on either.  I get bank phishing emails from banks i have never even heard of.

Now, if you have hundreds of users and you are 100% sure every single one of them got this email, AND it appeared to them that you or your domain was the sender, then I would say you probably had someone guess your admin password.  But this is not how phishers generally do things.  And they sure would not target a bunch of underage people who are not likely to have credit cards, large bank accounts, etc.  Otherwise, as TJ said, you are reacting to one of the thousands of phishing schemes that hit people every day.

peace

Wolf

[girls4christ]

Then I guess the scammer guessed my password, because I'm pretty sure everyone got it and it was a personal e-mail from someone who claimed to be a foreign princess.  Thanks for your help.