Forum got Hacked - Need help recovering
Chmura
05-13-2011, 05:14 PM
My forum was hacked a few hours ago. I haven't made a backup of the database in a month and I don't know if my files are backed up, will need to check my laptop that's at a different location later.
I don't know what to look for to find the "Hacked by" file.
It's not in index.php or forum.php. Where do I find this?
They also sent emails to every single member (17,500+) on my forum.
What steps do I need to take to recover from this?
I was running on 4.1.2.
I can't log in as admin and they banned all members.
Cyb Advanced Forum Rules is NOT installed on my forum
Was it just hacked, or did they also delete all the files and database from the server? My forum was hacked but they just deleted all my site's directories, but luckily they didn't delete the database. Check and see if you are lucky enough, and I would suggest just uploading all new files or the last backup that you have.
Lynne
05-13-2011, 06:03 PM
Download your version of vb from vbulletin.com and upload all the default files (keep a copy of your includes/config.php file!). Unless you modified them, then the default ones you download should be fine.
My thoughts - if you have no idea what to look for in your database, then you are better off using a backup.
Please learn from this and make more frequent backups of ALL your data.
Chmura
05-13-2011, 08:41 PM
I have talked to the hackers and they gave me these tips:
have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp
As for the forum nothing appears to be deleted, I'm working on restoration right now.
You've spoken to the hackers, tell us more.
dale09
05-13-2011, 10:32 PM
You've spoken to the hackers, tell us more.
I was curious about this as well. Did he schedule a dinner with them? lol
Boofo
05-13-2011, 10:36 PM
I have talked to the hackers and they gave me these tips:
have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp
As for the forum nothing appears to be deleted, I'm working on restoration right now.
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.
Chmura
05-13-2011, 11:12 PM
I was curious about this as well. Did he schedule a dinner with them? lol
Hahah
I found the kid's YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy whom I also talked to that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.
Great idea! Will do that too.
Boofo
05-13-2011, 11:27 PM
I also have the install directory password protected just in case they want to try and play with anything in there.
MagicThemeParks
05-13-2011, 11:32 PM
Sorry to hijack, but what's the easiest way to password protect the directories, Boofo?
Boofo
05-13-2011, 11:46 PM
I use a program from Coffeecup software called "Coffeecup Website Access Manager". It allows you to password protect any directories easily. I'm sure there are other programs out there that will do the same thing.
g0dfather1984
05-13-2011, 11:53 PM
Thank you Boofo for the advice. I'm also taking it.
(Sorry about hijacking the thread.)
Chmura
05-14-2011, 08:50 PM
Does anyone know how to revert this change?
"spainish"
https://vborg.vbsupport.ru/external/2011/05/38.jpg
Hahah
I found the kid's YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy whom I also talked to that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.
Great idea! Will do that too.
They didn't decrypt your password, they used a keylogger. Probably something you clicked on in your emails, or downloaded.
Chmura
05-17-2011, 07:08 PM
They didn't decrypt your password, they used a keylogger. Probably something you clicked on in your emails, or downloaded.
I'm very careful about these things, I highly doubt that's what happened.