HarshlyCritical
09-14-2013, 10:16 PM
First of all, I have read this: http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked
I have followed steps 1 and 2. Step 3 is unncessary because I have retained administrator privileges. Step 4 also seems unnecessary. If you'd like to see the damage, this is it:
http://www.horrorgameforums.com/
And this is where Steps 5 and 6 come in... They say in Step 5 that AdminCP "provides a tool to scan directories". Well, great. Where is it? I cannot find it.
According to the Control Panel Log, this user made a total of three changes... All to plugin.php. The first one says "files" under Action, the second one says "doimport" under Action, and the third one is blank. So I assumed that since it's some sort of nefarious plugin, I could remove it. Except, following Step 6, when I go under Plugin Manager (the only one without a strikethrough is vBulletin, so I hit "Edit") there are hundreds and hundreds of them. Am I really supposed to go through each and every one? I can't figure this out.
Even when I disable all plugins (I put a line in config.php to supposedly disable them all), my home page still displays that irritating page. Please, I've been going crazy for the last couple of hours and have no idea where to go with this.
Also, the user who did this made themselves an administrator. :D Unfortunately, I cannot remove them, even though I'm a superadmin! They somehow made themselves uneditable, even though config.php does not display this information. I've googled extensively and I can't figure this out...
Thanks for any help.
I have followed steps 1 and 2. Step 3 is unncessary because I have retained administrator privileges. Step 4 also seems unnecessary. If you'd like to see the damage, this is it:
http://www.horrorgameforums.com/
And this is where Steps 5 and 6 come in... They say in Step 5 that AdminCP "provides a tool to scan directories". Well, great. Where is it? I cannot find it.
According to the Control Panel Log, this user made a total of three changes... All to plugin.php. The first one says "files" under Action, the second one says "doimport" under Action, and the third one is blank. So I assumed that since it's some sort of nefarious plugin, I could remove it. Except, following Step 6, when I go under Plugin Manager (the only one without a strikethrough is vBulletin, so I hit "Edit") there are hundreds and hundreds of them. Am I really supposed to go through each and every one? I can't figure this out.
Even when I disable all plugins (I put a line in config.php to supposedly disable them all), my home page still displays that irritating page. Please, I've been going crazy for the last couple of hours and have no idea where to go with this.
Also, the user who did this made themselves an administrator. :D Unfortunately, I cannot remove them, even though I'm a superadmin! They somehow made themselves uneditable, even though config.php does not display this information. I've googled extensively and I can't figure this out...
Thanks for any help.