johnhuns wrote: ↑
Wed Jan 17, 2018 10:33 pm
To that point, am I crazy to think that the hosting company should be preventing malware? I argued yesterday with them that it is their servers, why are they not blocking the malicious events.
The host is not responsible for updating the software you install. What likely happened was years ago someone from your organization installed Word Press or whatever else they installed and never used it, it's still active if the files are there. Any software you install is open to potential security vulnerabilities. It's your responsibility to keep them up to date, updates to phpBB or anything else patch those vulnerabilities and your host does not install them.
Your host was probably scanning for vulnerable files and came across the Word Press install, trouble here is they made a bad situation worse....
In any event based on what I have read here my advice is to download a full backup of all the files/folders you have in public_html and delete them all from the server. Download phpBB 3.2.2 and follow the directions for updating. You will need to upload config.php from your backup, the files in the avatar folder and the files in the files folder(attachments).