So, the story.
It all had begun two days ago in the 2:00am.
Some SQL-injection was performed. So, site name and language were changed and links
to "hacked"-titled site were inserted. Also i can not change anything using administrative kit -
I see "OK" message but no changes are done.
The system version was 2.0.13.2.
I had restored it from backup. Pity for six day information but there is no choice -
site was hacked befory daily backup. Either account and database credentials were changed.
2:00 pm - site was hacked.
I had restored again and had applyed may (it seems) patch.
8:00 pm - site was hacked.
I had restored again. Had found new 2.0.14 version at .org and had upgraded site to this distributive.
2:00 am - site was hacked.
I had restored it using new installed version backup. Had found protector-module and had installed it.
Then i had change table prefix and had truned on all module protection. The protector had sweared only at
"register_globals on" and "fopen". If i use "register_globals off" administrative kit feels bad not mention
to the site. So i had to use "register_globals on" expression. Also i have no possibility to switch off "fopen"
cause all site users use it.
2:00 pm - site was hacked.
Restoring again. I had moved all this account sites to other account (i thought may be site was hacked throgh 'em).
8:00 pm - site was hacked.
I had suspended account. Waiting while they leave me.
But I think that it is not a wayout cause it is obviously that automatics is performing this attacks on shedulde.
However I saw other attacks - yesterday in the evening. They had hacked 3-4 times through 20-30 minutes.
Attack type is almost not changed but is morphing during to upgrades. It seems It became to be hard for them,
but it doesn't stop.
I need advise - what to do?
log file:
hack.log
