a few hours ago, when login to our vbulletin forum, i get a blank page with message "hacked by Xplo1T www.prvtzone.net www.belegit.net "
I already checked all php & js files, but none has been changed today, no htaccess files have been changed neither, so i'm guessing it has been done with a kind of redirect parameter in the database - anybody has an idea how i can fix this ? where in the database i should look for a parameter causing a redirect ?

I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.

Your Server Apache or LiteSpeed ?

nevermind..

thanks for the replies guys, it seems the hacker gained access through a vulnerability in the search.php page and via admincp he began changing admin pwd's & email adresses. The reason why index & forum.php were showing the hackers message was because he altered the template forumhome and replaced it with his html page.
Fortunately, vbulletin has a wonderful functionality of reversing templates so that fixed the problem. this topic can be closed ;)

I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.

Clicking a link to a forum isn't going to do anything.....the forums are just full of scrubs who know how to follow tutorials posted online :p

thanks for the replies guys, it seems the hacker gained access through a vulnerability in the search.php page and via admincp he began changing admin pwd's & email adresses. The reason why index & forum.php were showing the hackers message was because he altered the template forumhome and replaced it with his html page.
Fortunately, vbulletin has a wonderful functionality of reversing templates so that fixed the problem. this topic can be closed ;)You need to identify the admin userid numbers in config.php as unalterable/undeletable users. This will prevent password and other changes.