Hacked, Again..
AGN03
02-10-2012, 02:28 AM
Anyone know where this comes from?
http://i16.photobucket.com/albums/b34/DrewOnly/hacked.jpg
Sage Knight
02-10-2012, 04:11 AM
If you were hacked on the same host again, just simply change your host, restore a back-up and change every single password, from the FTP account to the cPanel a/c EVERYTHING. Also might want to check your access logs and ensure you're running a patched version of vBulletin and also a poorly coded plugin might be causing this as well. How many plugins do you have?
Edit; And no I don't know about that image and it doesn't really matter anyways.
Edit; Keep an eye on this blog posts of Wayne Luke;
https://www.vbulletin.com/forum/entry.php/2503-Securing-your-vBulletin-Forums-(Part-1)
AGN03
02-10-2012, 04:24 AM
The only addons I'm running are everywhere sidebar and the chatbox.
Every password there is was completely changed after the first attack two weeks ago.
I'd bet a year's salary that my host is secure, I have no doubt.
ForceHSS
02-10-2012, 05:22 AM
Then the next thing to do is update the forums to a more secure version.
L2Insomnia
02-10-2012, 03:12 PM
Who is your host? Do you have WHM or root access?
Max Taxable
02-10-2012, 03:52 PM
Two Words.
Cloud Flare
Willo
02-10-2012, 03:56 PM
If you were hacked on the same host again, just simply change your host, restore a back-up and change every single password, from the FTP account to the cPanel a/c EVERYTHING. Also might want to check your access logs and ensure you're running a patched version of vBulletin and also a poorly coded plugin might be causing this as well. How many plugins do you have?
Edit; And no I don't know about that image and it doesn't really matter anyways.
Edit; Keep an eye on this blog posts of Wayne Luke;
https://www.vbulletin.com/forum/entry.php/2503-Securing-your-vBulletin-Forums-(Part-1)
Hmmm... He got hacked and you say he should change hosts, restore his site and change passwords.... Why not just change passwords at the first host and save yourself the effort of moving.... There's most likely a door left in the site from the first hack and it seems to me that all the move/RESTORE accomplishes is to give the opportunity to get hacked at a new host.
I could be wrong but I'm sure you see my logic.
L2Insomnia
02-10-2012, 04:19 PM
Cloud Flare honestly does not do a lot. It actually causes more issues than anything. Really it depends on how your host set up your cPanel through WHM. Many of them really do a minimum, which leaves a lot of vulnerabilities (ports open that don't need to be, extra processes, insecure application configs for MySQL, PHP etc...). The list is long of possibilities on a standard cPanel install. If you don't have root or WHM access then you will need to work with your host.
Start by doing a search of your HTTP logs for these 2 words, htaccess and filemanager, and see if you find any.
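The log search suggested in the post above, as an added example that is not part of the original thread: it pulls every request mentioning either word out of an access log and groups the hits by client IP, marking IPs whose POST/PUT request was accepted. It assumes Apache combined-format logs; the sample lines, IPs and paths are constructed.

```python
import re
from collections import defaultdict

# Assumption: Apache "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')
# The two words named in the post above, matched case-insensitively.
KEYWORDS = re.compile(r'htaccess|filemanager', re.IGNORECASE)

def find_hits(lines):
    """Return parsed entries whose request URI mentions either keyword."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and KEYWORDS.search(m.group('uri')):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Group hits by client IP; flag IPs whose POST/PUT got a 2xx reply."""
    by_ip = defaultdict(lambda: {'count': 0, 'write_ok': False, 'uris': set()})
    for h in hits:
        rec = by_ip[h['ip']]
        rec['count'] += 1
        rec['uris'].add(h['uri'])
        if h['method'] in ('POST', 'PUT') and h['status'].startswith('2'):
            rec['write_ok'] = True  # the server accepted a write-type request
    return dict(by_ip)

# Constructed sample lines (documentation-range IPs), not from a real log.
SAMPLE = [
    '203.0.113.7 - - [09/Feb/2012:23:41:02 -0500] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Feb/2012:23:44:10 -0500] "GET /forum/.htaccess HTTP/1.1" 403 298 "-" "-"',
    '198.51.100.23 - - [09/Feb/2012:23:44:31 -0500] "POST /forum/admin/FileManager/upload.php HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.50 - - [10/Feb/2012:01:02:03 -0500] "GET /filemanager/ HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == '__main__':
    for ip, rec in summarize(find_hits(SAMPLE)).items():
        flag = 'REVIEW FIRST' if rec['write_ok'] else 'probe or denied'
        print(ip, rec['count'], flag, sorted(rec['uris']))
```

For a real log, pass the open file instead of `SAMPLE`, e.g. `find_hits(open(path, errors='replace'))`, where `path` is your host's access log.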
Max Taxable
02-10-2012, 04:21 PM
Cloud Flare honestly does not do a lot. It actually causes more issues than anything.
I have heard that some from v4 owners, but it does wonders for my v3.
L2Insomnia
02-10-2012, 04:47 PM
It may increase performance in some cases I agree but it doesn't do squat for security if the hacker knows anything at all. That's what I am trying to get at :) People should not think "I'll just use CloudFlare and I'll be safe" as that is most likely going to lead to trouble at some point.
I'm not bashing CloudFlare just want to make it clear that using them does not by any means make you safe from getting hacked.
Max Taxable
02-10-2012, 05:07 PM
It may increase performance in some cases I agree but it doesn't do squat for security if the hacker knows anything at all. That's what I am trying to get at :) People should not think "I'll just use CloudFlare and I'll be safe" as that is most likely going to lead to trouble at some point.
I'm not bashing CloudFlare just want to make it clear that using them does not by any means make you safe from getting hacked.
It makes it a lot harder. Main reason is, the bad actors are quickly identified and dealt with. People generally have no idea what all CF really does do. But I have seen it in action.
Boofo
02-10-2012, 05:11 PM
Well, you're one of the very few lucky ones then. I had more issues with it than non-issues.
Max Taxable
02-10-2012, 06:27 PM
Well, you're one of the very few lucky ones then. I had more issues with it than non-issues.
Yeah, v4 for some reason. There's a CF rep here, surprised he doesn't search up mentions and reply to stuff.
L2Insomnia
02-10-2012, 06:43 PM
It makes it a lot harder. Main reason is, the bad actors are quickly identified and dealt with. People generally have no idea what all CF really does do. But I have seen it in action.
I know CloudFlare well and am a paid member as I was curious about it. First ask yourself how these bad actors are identified: IP? Cookie? Now how easy are both of those things to get around to even the worst script kiddie wannabe hacker? Extremely easy.
Now let's say it can identify a previously used Perl script that was used to attack a previous site in CloudFlare's "circle". Changing the script is also very easy. So in all as far as I can see it is a minor annoyance at most to people with bad intentions.
Max Taxable
02-10-2012, 07:35 PM
I know CloudFlare well and am a paid member as I was curious about it. First ask yourself how these bad actors are identified: IP? Cookie? Now how easy are both of those things to get around to even the worst script kiddie wannabe hacker? Extremely easy.
Now let's say it can identify a previously used Perl script that was used to attack a previous site in CloudFlare's "circle". Changing the script is also very easy. So in all as far as I can see it is a minor annoyance at most to people with bad intentions.
Bypassing CF to get to my actual hosting. Love to see it.
L2Insomnia
02-11-2012, 12:06 AM
Bypassing CF to get to my actual hosting. Love to see it.
There is no bypassing, there is just doing. Anyways not going to argue about it. If people want to take the easy way and just pay for CF and assume they are safe then that's their problem.
Max Taxable
02-11-2012, 12:24 AM
There is no bypassing, there is just doing. Anyways not going to argue about it. If people want to take the easy way and just pay for CF and assume they are safe then that's their problem.
I don't pay for it, I use the free version. And I don't assume anything.
I've been at this close to 15 years and never been hacked, cracked, defaced, anything. Except of course, DDoS attacks. Became quite expert on those. I used to disable entire botnets just for kicks.
I am not all that sure you understand CF at all.
L2Insomnia
02-11-2012, 01:21 AM
There is not much to understand. The idea is great but it really cannot be effective against any attacker who has even a bit of knowledge. I think the idea is great and I hope it becomes what they claim it is now, but as of right now it does not offer much in the way of defense. A well configured server is much more effective.
Max Taxable
02-11-2012, 01:33 AM
There is not much to understand. The idea is great but it really cannot be effective against any attacker who has even a bit of knowledge. I think the idea is great and I hope it becomes what they claim it is now, but as of right now it does not offer much in the way of defense. A well configured server is much more effective.
Multiple layers is key, you are correct. There's no magic bullet.
AGN03
02-11-2012, 06:12 AM
Derailed
Max Taxable
02-11-2012, 01:09 PM
Derailed
Sorry about that. But on the other hand, you haven't given us much information to work with.
What version are you currently running?
Is it the suite or just the forum?
When this happened before as you mentioned, what was the issue then and how did you fix it?
Willo
02-11-2012, 02:27 PM
Bypassing CF to get to my actual hosting. Love to see it.
Where do you host email at? :)
AGN03
02-15-2012, 05:24 PM
My vBulletin is up to date. It's the suite. When it was hacked before we had to reinstall everything with a backup.