Our site's been hacked. When trying to open the forum, a forum.php opened with an email address, 'meowholio@gmail.com for security.' I deleted that, then when the index.php kicked, it had the same email address. I uploaded the real index.php and then got these error messages:


Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_birthdaybit in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/saponorg/public_html/forum/index.php(147) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_birthdaybit in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/saponorg/public_html/forum/index.php(147) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_markread_script in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(532) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: ad_forumhome_afterforums in [path]/includes/functions.php on line 3932

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: navbar in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(562) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: FORUMHOME in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(563) : eval()'d code on line 1

Should I start by re-uploading the site? I know I'm downlevel, though I'm not sure what level I'm on. What file will tell me this? Would it 'cure' the problem to upgrade?

That would be a start.

I would rename the current folder to name-dont-use or whatever you like.

Upload the current version php files for vb to the new rightly named folder.

If there is a required upgrade to close a vb security hole, that would be wise to complete.

Upload & upgrade your installed hacks/addons 1 by 1.

Revert / update any out dated templates.

If you was previously storing any files for attachments/avatars etc, move them back int othe new folder that vb resides in.

You may also want to do a scan of the current db for injected code that may be in a template.

Thanks so much for the good advice.

Isn't there a file (online) that would tell me what version I'm using? I want to confirm that before I start uploading.

--------------- Added 1309582233 at 1309582233 ---------------

So far, so good. I went ahead and uploaded my best guess version and the site's reappeared.

http://www.saponitown.com/forum/forum.php

Where would the banner image and avatars be stored?

You are using vBulletin 4.0.2 according to your link- but from the errors posted in your first post it appears you have uploaded vBulletin 3.x files.

You are also posting in the vBullerin 3.x section- I suggest verifying what version you are supposed to be running and download the original files for that version.

My site has been hacked 2 .. and idk how to stop them :( i patched all the exploits anybody wanna help me 2 :( ........

My site has been hacked 2 .. and idk how to stop them :( i patched all the exploits anybody wanna help me 2 :( ........

You should file a support ticket on vBulletin.com. Put in all the info you have gathered about the hack.