I was just editing my NavBar, and I hit the "?" button in ACP and was directed to a Team Hacker Egypt page.

It has complete access to my entire public_html.

WTF is going on here? I just payed to have my site secured as I was in over my head, and now this!

HELP!

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hackedhttp://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hackedhttp://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions

I've just been hacked, so I've read all that. I want to know how to get these ++++s out of my site permanently.

--------------- Added 1379687816 at 1379687816 ---------------

My web host has told me that the issue was in the help.php file.

I suggest checking that out.

I've just been hacked, so I've read all that. I want to know how to get these ++++s out of my site permanently.

--------------- Added 1379687816 at 1379687816 ---------------

My web host has told me that the issue was in the help.php file.

I suggest checking that out.

Yes more than likely it's what I've been encountering the past few days, a file or plugin that initializes c99madshell like I mentioned here (http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/3991429-a-new-type-hack-method?p=3994956#post3994956) and to sum it up, seems as if the person you hired overlooked something - request they clean the site again due to that, imo they should free of charge.

Yes more than likely it's what I've been encountering the past few days, a file or plugin that initializes c99madshell like I mentioned here (http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/3991429-a-new-type-hack-method?p=3994956#post3994956) and to sum it up, seems as if the person you hired overlooked something - request they clean the site again due to that, imo they should free of charge.

Damn right I'm gonna tell them I want another clean up.

With your experience in this f'd up world of hacking, could you give me any heads up on what to look for? Are there common place issues like this help button one?

Looks like it's necessary for me to give these hacks I payed to clean my site a heads up to break them out of their laziness. :mad: