Quote:
Originally Posted by Alvin Koh
The CoinHive injection happened on the 8th Dec from examining the web server logs. The perpetrator modified an empty section of the forum template with the Coinhive miner codes via the forum admin control panel leaving a trail in the logs.
I believe the fault is mine as a weak/old password was used for my main forum account which I haven't been actively using. Other than the administration control panel, I do not see signs of forced entry via other means (shell/Database w/ differing password and credentials).
To prevent a repeat, I've changed the method of access to the Admin controls and also added an additional layer of authentication to only those who have rights.
Sorry for the trouble everyone and thanks to those who reported it.
I will re-enable the Chatroom as it was not the cause afterall.
|
Thanks for spending time rectifying it .