
View Full Version : Exploit


WooAf
08-17-2009, 06:55 AM
Hello, I have a vBulletin forum (3.8.4) and today my forum has been hacked.

Someone changed all of the users to admin and changed all names to OWNEDBYBURNINGFIRE.


https://vborg.vbsupport.ru/external/2009/08/14.png


I got that screenshot from a friend of BurningFire.


Mods installed:

- Better postbit with thanked phrases and border
- Cyb - Advanced Forum Statistics
- Cyb - ChatBox
- Cyb - Visitors in Last X Hours
- Quick Auto Image-Resize (Posts & Signature)
- Sidebar Column (Disable)



Can someone help me fix it, please? Thank you.

Antivirus
08-17-2009, 02:10 PM
The first thing I would do if I were in your shoes is restore your latest database backup. After you do that, disable all plugins until you can identify which one is potentially being exploited (if in fact it is due to one of the mods). Also change your password for admin accounts, and lastly, double-check the config.php file to make sure no users can run queries from within admincp.

Lynne
08-17-2009, 02:32 PM
And look through your access_logs (if you don't know where they are, ask your host) and see if you can find how they got in.

MentaL
09-01-2009, 03:38 PM
What information do you have? This happened to me on my forum last night.

IRANCITY
09-01-2009, 04:07 PM
Do this:

1 - Download your image folder and check it for any file with .php, .cgi, or any extension except picture extensions
2 - Change your database user and password
3 - Re-upload all of your vBulletin files (shells may have been uploaded to your host)
4 - Protect your includes folder with a password
5 - Change your email address
6 - Change your host panel password
7 - And then go check the log files

ARIA-SECURITY DIGITAL TEAM
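
An added example, not part of the post above: one way to carry out step 1 on a downloaded copy of the image folder, in Python. The extension allowlist, the magic-byte table and the function names are assumptions of this example; it also goes one step further than the post by flagging files that carry a picture extension but do not contain picture data.

```python
import os
import sys

# Assumption: only these picture types belong in the forum's image folder.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
SCRIPT_MARKER = b"<?php"  # PHP open tag hidden inside an otherwise valid image


def check_file(path):
    """Return a reason string if the file looks out of place, else None."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_MAGIC:
        return "non-image extension"
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC[ext]):
        return "content does not match extension"
    if SCRIPT_MARKER in data:
        return "script marker inside image"
    return None


def scan_image_dir(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = check_file(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_images.py /path/to/downloaded/images
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in scan_image_dir(target):
        print(f"{rel}: {reason}")
```

The findings are a list for manual review; a flagged file is not necessarily malicious, and a clean result does not replace the remaining steps.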

MyChemicalSelf
09-01-2009, 04:51 PM
Any more news on this? Found a Google cache; it's happened before, some guy called BurningFire
http://209.85.229.132/search?q=cache:dxOAps9JlnIJ:www.hackforums.net/showthread.php%3Ftid%3D124858+http://www.hackforums.net/showthread.php%3Ftid%3D124858&hl=en&client=firefox-a&strip=1

MentaL
09-01-2009, 07:55 PM
OK, I found out why... basically adding a plugin to the admincp... follow XXX to reverse the effects.