TOPIC:

Yeah, unfortunately this would be a relatively major migration, not an update, since it's gone to a significant new release since ICB started (and the version we use is no longer supported, so I can't get at the last updates, grrr). I'd been holding off for a new bridge between Joomla 1.5 and phpBB 3, which is now available and apparently stable. So, might just have to do it sooner than planned.

So, I scanned through the logs and think I found the hole they found. Looks like the calendar module had an exploit that allowed them to upload a shell script which in turn let them replace the index file of the site. I haven't looked at the shell script in detail, so I don't know what else they might have done, but the database and files appear intact.

The calendar module has been removed, and I will look for a replacement. All Authors have been reset to be registered users, and all Admins also until they confirm change of passwords, just in case. In addition, all backend passwords have been changed.

There was no major download activity, so I think the database and user info is safe, the admin user password changes are just for my peace of mind.

Dam 14 year old, I blame the parents