Our site has been hacked - please help us urgently


shahin531
10-10-2007, 07:57 PM
Hi all.
Please advise me about this problem.
Our website has been hacked.
Our site has two admin accounts, and the hacker reset one of the accounts and hacked our site. Then we restored the site using the other admin account.
Anyway, I don't know what is happening: when I went to the cpanel to edit the forums, I saw that all of the forum names are the same as the hacker's name!!!
Also, this code exists in the forum descriptions: “<script>location.href="http://kamy4r.persiangig.com/xmors.htm";</script>”
So all of the topics and forums redirect to the above link.
Please note that I completely replaced the following files with new ones, and I am sure that these files don't have any problems:
config.php
index.php
.htaccess

Please help us. What should we do?

Thank you in advance.

EnIgMa1234
10-10-2007, 08:30 PM
Change all passwords, e.g. all admin accounts, cPanel, FTP

Also .htaccess the admincp
There should be an option in cpanel (password protect directories)

DivisionByZero
10-11-2007, 12:41 AM
Also, if you're personally prone to these attacks, it may not be a bad idea to do an hourly backup of your database!!!

shahin531
10-11-2007, 04:36 AM
Thanks. I have changed all the passwords. But how about the forums? The name and description of all forums changed to:
“<script>location.href="http://kamy4r.persiangig.com/xmors.htm";</script>”
and we are redirected to this link. What should we do, and how can we change the forum names and descriptions back to what they were before? We strongly believe that the hacker put the above link into one of the main files (or settings) of our site.
Waiting for your advice.
Thanks.

SCRIPT3R
10-11-2007, 04:46 AM
What version of vB are you using?

Freesteyelz
10-11-2007, 05:31 AM
Check your headerinclude and header templates. Unless you know for sure that the person did not access via server, check for any additional files/scripts that you did not upload/edit yourself. 1) Can you not re-edit the forum names and descriptions via Admin CP? 2) Also, did you say that when clicking topics the links will take you to the person's site?

Go To:
In Admin CP, at the left-hand navigation, go to Statistics & Logs --> Control Panel Logs --> Control Panel Log Viewer --> View

*Check for any entries made by someone other than you. Snag the IP(s) if any and look at the files that were edited. More likely, if the person gained access via Admin CP, he/she did not consider pruning those entries.

shahin531
10-11-2007, 09:37 PM
> Check your headerinclude and header templates. Unless you know for sure that the person did not access via server, check for any additional files/scripts that you did not upload/edit yourself. 1) Can you not re-edit the forum names and descriptions via Admin CP? 2) Also, did you say that when clicking topics the links will take you to the person's site?
>
> Go To:
> In Admin CP, at the left-hand navigation, go to Statistics & Logs --> Control Panel Logs --> Control Panel Log Viewer --> View
>
> *Check for any entries made by someone other than you. Snag the IP(s) if any and look at the files that were edited. More likely, if the person gained access via Admin CP, he/she did not consider pruning those entries.

Thank you.
I checked the address, but the control panel log viewer has restricted access on our site ("Control Panel log viewing restricted."). Do you have any other solution?

--------------- Added at 22:41 ---------------

> What version of vB are you using?

3.6.7

EnIgMa1234
10-11-2007, 09:59 PM
Add your userid to config.php

Can view admincp log.

vertigo jones
10-11-2007, 10:39 PM
Make sure to search your templates for "persiangig", "kamy4r", ".com" or anything else that might lead you to them and remove it. You never know what kind of javascript they've included without you knowing.

But yea, most importantly change your password, .htaccess protect your admincp, and change the name of the admincp directory.
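
One way to carry out the search suggested in the last post over an export of the forum names, descriptions and templates, as an added example that is not part of the thread or of vBulletin. The table and column labels, the `forum.example` host and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Inline <script> element; group 1 is the script body.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# location = "...", location.href = "...", location.replace("...") / assign("...").
REDIRECT_RE = re.compile(
    r"""location(?:\.href\s*=|\s*=|\.(?:replace|assign)\s*\()\s*["']([^"']+)["']""",
    re.I)
# Columns that should hold plain text only (assumed names, not read from vBulletin).
PLAIN_TEXT_COLUMNS = {"title", "description"}

def scan_field(text, own_hosts, plain_text):
    """Return (kind, host) findings for one stored value."""
    findings = []
    for match in SCRIPT_RE.finditer(text or ""):
        targets = REDIRECT_RE.findall(match.group(1))
        for url in targets:
            host = (urlparse(url).hostname or "").lower()
            external = bool(host) and host not in own_hosts
            findings.append(("redirect-external" if external else "redirect-internal", host))
        if not targets and plain_text:
            # Any script at all in a name/description field is unexpected.
            findings.append(("script-in-text-field", ""))
    return findings

def scan_rows(rows, own_hosts):
    """rows: (table, row_id, column, text) tuples exported from the database."""
    hits = []
    for table, row_id, column, text in rows:
        for kind, host in scan_field(text, own_hosts, column in PLAIN_TEXT_COLUMNS):
            hits.append((table, row_id, column, kind, host))
    return hits

# Constructed sample rows; row 2 carries the string quoted in the thread.
SAMPLE_ROWS = [
    ("forum", 1, "title", "General Discussion"),
    ("forum", 2, "description",
     '<script>location.href="http://kamy4r.persiangig.com/xmors.htm";</script>'),
    ("forum", 3, "title", "<script>var x = 1;</script>"),
    ("template", 10, "template", '<script type="text/javascript" src="x.js"></script>'),
    ("template", 11, "template", "<SCRIPT>window.location = 'http://forum.example/'</SCRIPT>"),
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS, own_hosts={"forum.example"}):
        print(hit)
```

Scripts in templates are reported only when they navigate the page, since templates legitimately include script tags; any script in a name or description field is reported.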