I'm sure your all sick of seeing this topic. I just took over a snowmobile Forum b/c previous Admin lost interest, and it was getting flooded w/ spam. I'm learning but I'm very limitied in my computer skills. I have been watching and deleting spammers out of my Forum trying to clean it up. At this point I have deleted the Spammers that got in and made themself admin's. I have had my site restored, changed all passwords, deleted Install directory, and looked thru the plug ins. My problem is I do not know how to identify if a file should be there or not, and the spammers very well may have a back door into my forum. I have contacted my hosting company and they can't help w/ trying to locate a back door. Is there a service that I can hire to help me with this that will be fair on pricing? any idea on what is even fair w/ pricing? Please help...

Download the default files from vbulletin members area and apart from the ones for you plugins see what have been changed by going to your admin panel then maintenance/diagnostics/suspect file versions and replace the files needed if you see any files in there that are not part of vb or ur custom plugins delete them if you want to be sure reupload all vb default files again but delete the install folder and the config.php.new file

Thank you for your response. I will attempt that tonight.

Wheh I looked through the plug ins I found one that was titled "Thank you the hack" I disabled it, I assume it's spam...??

Does anyone know of a service or a trustable person that I can hire to help me w/ this?

The thank you hack is not spam

I would do the following, to ensure everything is clean.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked (http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked)

http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site)

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5)
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions)

carllaponte ,

Are you referring to a vbulletin 4 or 5 site ??

Sorry posted this in wrong spot. I'm all good now. I hired socialteenz to fix damage from being hacked and also a list of many other items. Best move I have made since taken over this forum. I would reccomend socialteenz to anyone who is not an expert and wants their forum repaired. Thank you socialteenz!

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs/vbulletin-cleaning-up-hacked-forums/3999583-how-to-clean-up-hacked-vbulletin-forums-for-vps-dedicated-hosting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs/vbulletin-cleaning-up-hacked-forums/3999583-how-to-clean-up-hacked-vbulletin-forums-for-vps-dedicated-hosting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.

Can that script be used for vb3.8.x ? seems like a great tool!

yeah it's originally for vb 3/4 and extended for 5 :)

Great, i'll look at that for my own amusement, i've not been hacked...etc but it would be good to get a benchmark from it to compare in future.

Gonna try the tool out, thanks. :]

Use this.
[OzzModz] Default Profile Tab (https://vborg.vbsupport.ru/showthread.php?t=302655)

Forget this, wrong thread.

Use this.
[OzzModz] Default Profile Tab (https://vborg.vbsupport.ru/showthread.php?t=302655)Errmmmm, Ozzy, wrong thread?

I see that now, no wonder it did not show in the thread I wanted it to. :p

Aside from the steps in the vBulletin documentation, the display message that is showing in place of the forum in vB5 is due to a template customization. Go to AdminCP -> Style Manager -> Edit Templates (select the one that is in use).
In the template editor, scroll and find Display Templates and double click it. Look for display_Forums. It will probably be highlighted in Red. Now, if you have customized this already, it will be red anyway. This is the file that contains the "Hacked by…" message. In my case, I just reverted to the default. There were no other changes I could find, but things may be different in your forum.