Can malicious code be inserted in the DB for later use?

[imJexs]

Good afternoon,

Recently my server hosting was compromised and a hacker gained full access to the system my IPB was hosted on. As you could expect, we're moving to much more secure solution for our needs, however, we are concerned what exactly could have been done while this attacker was in our system.

I know that the support tab has the feature to "check all source code" for authenticity or something similar, however, I am also concerned about the database.

As far as our plugins/applications go, I will be deleting all of them and installing fresh new versions as I'm not sure if they are included in the source code check or not (I'm assuming they're not). 

So my question is: Is there anywhere in our database that could have malicious code stored that could be ran at some point in the future without direct access to the database? We do use Pages and I will be certain to check all of our custom blocks myself for any code that does not belong, as well as the portal plugin for the same thing. I just want to make 100% certain that my IPS install is secure before I put it on a new host or it kind of defeats the purpose.

Thank you!

[Faqole]

They could have injected some malicious code to the templates that could lead your users to spam or ads, but I do not think that a code to be run remotely is possible in the case that you described. However, do a thorouh check up of your server space for anything out of ordinary. The hackers could have left a backdoor if they had full access to your server.

A restore of the latest database copy from before the hack might be an option if you are worried.

What did your host say, how did they get access? This is very important to know. 

Anyways, good luck and keep us posted.