hello, my forum vb forumikatolik (http://forumikatolik.net) was hacked since this afternoon, and index page is not started... i can entry on admincp, so i think is just and small error, how can I recover my index page and did the forum works? can anybody help pls?

change your host, change your passwords, that will clean all your problems...

Go into your FORUMHOME template and revert it to the default.

Also, re-upload all the vB non-image files overwriting any on your server. Then, change all passwords, including FTP ect..

You should be able to get back after reverting FORUMHOME -- but it's best to be safe than sorry.

Ask any admins you have to change their password, too.

Regards Jason :)

Go into your FORUMHOME template and revert it to the default.

You should be able to get back after reverting FORUMHOME -- but it's best to be safe than sorry.



Regards Jason :)

I did it, but it's not working still :(

have they changed index.php on your server ?

have they changed index.php on your server ?

i replaced the file index.php but nothing has been changed

Do the following looking for iframe code or by word MoHaMeDiTo

Check global.php at the bottom of the file.

If you have vbadvanced, check the vba_cmps_include_template.php file as well

Also search your style for iframe code or the word MoHaMeDiTo

Then change all your passwords for your site, check file permissions on all files make sure they are 644.

If it happens again check all your hacks are up2date

Do the following looking for iframe code or by word MoHaMeDiTo

Check global.php at the bottom of the file.

If you have vbadvanced, check the vba_cmps_include_template.php file as well

Also search your style for iframe code or the word MoHaMeDiTo

Then change all your passwords for your site, check file permissions on all files make sure they are 644.

If it happens again check all your hacks are up2date


no way, there's no iframe or something word muhamedito on global.php file :(

To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

[Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

Next, disable all plugins.

Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

Do you have the same problem?

Regards Jason :)

overwriting all the .php files?

overwriting all the .php files?
Well, if you hacker added his code into one of your php files, don't you think it would be a good idea to replace them with a clean copy?

looks like they may have also changed your .htaccess file to forward your main site to /forum folder.

You May Just Post A Support Ticket At Member Area Of Vbulletin.com

Saying Your Forum is Hack....

Check for an index.html

As it covers up your index.php

Or you can import a backup and it will bring everything back to what it was before the incident.

I would also check for shells in your directories.

I maked up the forum again, thnx to your helps :D

but I have another problem, when I log in like administrator and I check one post, I can view this post, and it display a message error like below:

Warning: require_once(/home/forumika/public_html/forum/includes/functions_warning.php) [function.require-once]: failed to open stream: No such file or directory in /includes/class_postbit.php(296) : eval()'d code on line 5

Fatal error: require_once() [function.require]: Failed opening required '/home/forumika/public_html/forum/includes/functions_warning.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumika/public_html/forum/includes/class_postbit.php(296) : eval()'d code on line 5

also it happens when I click to a single member (always when I logged in like administrator):

Warning: require_once(/home/forumika/public_html/forum/includes/functions_warning.php) [function.require-once]: failed to open stream: No such file or directory in /member.php(838) : eval()'d code on line 8

Fatal error: require_once() [function.require]: Failed opening required '/home/forumika/public_html/forum/includes/functions_warning.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumika/public_html/forum/member.php(838) : eval()'d code on line 8

when I logged in like a normal user, this error is not displaying, and also like a normal user i can read post, and write new posts and looking members profile also...

could anybody give some helps... :)

regards and thank you again

D

You have not uploaded the file "functions_warning.php". This isn't a standard file in vBulletin, so it must be from a modification you have installed.

You have not uploaded the file "functions_warning.php". This isn't a standard file in vBulletin, so it must be from a modification you have installed.

done, now is OK

thnx 2 everyone

the mods can close the topic if they want

thnx again 2 all

best regards

D ;)