Hack or no Hack?

[Watcher]

Recenly i had an error and could not access my ACP, this was not on just 1 site i had it was on all 5 sites i run, after checking i found that all my index.php pages had a line added at the top of the page on line 1

[code]what is supost to be on line 1 is "<?php"what i found was this<iframe src="http]

so is this a hack or a hole for someone to access your site?

[obiku]

It look likes your site has been hacked.

Also the other post:
http://www.integramod.com/forum/viewtop ... =18&t=5430
The message you see, is not one of integraMOD.
I think this IFrame is doing this, phishing attempt

[.QUACK.Major.Pain]

It is something a hacker left behind. Seen several of those in the screenshots folder.

As for your pink bar message, it's a security setting.
Not recognized by most people, because by default it is deactivated.

I posted in the other thread how to turn it off.

You might want to consider changing your FTP password, your database password, and your forum password.
Maybe have your admins change forum password also in case someone was comprimized.

[MWE_001]

I too agree that this is a hack. Another option is, if you are not using downloads, then chmod the pafiledb/images/screenshots folder to 755 even better would be 644.

If you are using the screenshots for downloads, you will need to insert a .hta file in that folder. They will still be able to upload the files, but the .hta file, if done properly, will stop the scripts from being executed.

I failed to do a search for the proper .hta thread as to what to insert into the file. A quick search here will surely get you pointed in the right direction. If I can find it, I will come back and give you the link to the thread in question.

**EDIT**

Here you go. have a look at this. If it goes to the first page of the thread, simply go to page 2 and look for a reply from helterskelter.

http://integramod.com/forum/viewtopic.p ... e&start=15