Turkish hacker.

can you paste a link so we can see if its a WebWiz hack or server hack

it maybe they have uplaoded files to the server

ok it does seem to be a WebWiz hack

you need ot go to the admin configuration area and change the top image url to something else or nothing


to avoid this:

1. don't allow image or file uploading unless you know the person well
2. make sure your password is atleast 8 charecters and letters and numbers and not directory word like hello etc
3. make sure your database is outside the root folder so it cant be accessed
4. failing 3. change the path to the database to .asp not .mdb and change the name of the database to .asp not .mdb

there are some ideas

you want to place the database in the private folder then set the path within the common.asp files to the physical path


E:\domains\yourdomain\private\forum.mdb

example

you can get the physical path from your webhost or use

response.write server.mappath("../../private/forum.mdb")


note the above may be dis allowed, but your host will know

It sounds like you left your site open to hackers by not disabling write permissions.

With write permissions enabled a hacker doesn't need to use the forum to hack your site, they can simply manipulate HTTP to upload files to the server writing any files they want in any folder that has write permissions.

As the latest version doesn't use the ADO.Stream object you should also consider disabling this as there is a security hole in this object that means by changing HTTP headers to 'PUT' files can be placed anywhere within your site.