My site was hacked. We restored to an earlier backup and now there's a "Unable to add cookies, header already sent." message when we try to enter the forum. I tried cleaning up the config.php file.

I tried re-uploading everything, but overwrote the config.php in the process. How many config files are there in 4.2.1? Just the one in the Includes? I was intending to try again to upload all the files, unless there's something better I should try.

In the config.php make sure <?php is the very first thing (no blank lines or spaces before it). If you've uploaded all the original files and you still have the problem, try temporarily disabling all plugins by putting:
define('DISABLE_HOOKS', 1);

in your config.php (somewhere under the <?php at the top).

Thanks for replying.

Yes, I've cleaned up the config.php and made sure there was no space in front of the first line, I went ahead and deleted all empty lines as well, but still the same error message. I have not yet re-uploaded everything since I wanted to verify that there is only one config.php which is in the includes folder. Is there anything else I need to not store over?

The distribution only contains includes/config.php.new, so it won't overwrite config.php (but if you're restoring your own backup you'll have a config.php of course).

You can also use Maintenance > Diagnostics > Suspect File Versions to see if any files have changed from the originals, or if you have any files that aren't part of vbulletin.

Somewhere some file is echo-ing something, maybe just echo ' '; Is there a gap at the top of the page? Which file it would be is hard to guess; if it's every page it could be in global.php.