Hello

I had my forum hacked today and the frontpage defaced. Any file i try to go to gives me the hackers message on the front i removed every file on the server and reuploaded them, set the config.php with the database information and also added define('DISABLE_HOOKS', true); into the PHP, now after i did this there was no change, the hackers message is still in the database wich makes me guess that he maybe changed FORUMHOME as suggested when i tried searching google for answers, i can access the database from Phpmyadmin BUT i cannot access the forum adminCP i can access the login windows but when i press "login" it redirects me to login.php wich gives me the hackers message again, what do i do from php my admin to get my forums back online ?

Link to the site?

If the INSTALL folder still exists on your server, delete it.

The site is over at welikeanime.com and i can go to admincp/ but i cannot login. The installfolder is deleted from the root folder since the install.

I get nothing but a blank page, there's no code in reading page source.

my stupid host removed the default style in the "style" table in the database when scaning, i tried to restore it it but now i just get blank pages. i have a test forum with another license that also was defaced and the code bellow is on all pages i try to access like login.php index.php or simillair. It was on the frontpage where you also get a white page now but after the problems in the "style" table the page is just white, anything you can figure out?

it's for most .php files in root like if i go to mysite.com/login.php or index.php instead i get the hackers message


Malware:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>HACKED BY Mr.M0R0 MOROCCAN HACKER</title>
</head>

<body>

<p align="center"><img border="0" src="http://stupidwebsite.com/46/95/864954/65130309_p.gif"></p>

<p align="center">&nbsp;HACKED AND DEFACED BY Mr.MORO MOROCCAN HACKER</p>

<p align="center">&nbsp;WHAT THE HELL IS GOING ON HERE YOUR SECURITY IS LIKE A SHIT</p>

<p align="center">&nbsp;++++ING UNSECURE SERVERS I REALLY HATE IT. NO APOLOQIZE , NO MERCY</p>

<p align="center">&nbsp;NO PITTY , NO SORRY , BUT DO NOT WORRY NO FILES DELETED ONLY YOUR INDEX</p>

<p align="center">&nbsp;HAS BEEN CHENGED SO TRY TO EDIT QUICKLY GOOD LUCK . FOR MORE INFO CONTACT ME ON :</p>

<p align="center">&nbsp;Mr.MoRo@HOTMAIL.FR</p>

<p align="center">&nbsp; BYE</p>

</body>



</p>

</html>

That's coming from a file on the server, not the database.

PM me with FTP credentials and i will have a look.

It's more than likely this one: http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/4012392-help-both-forum-and-admin-panel-just-show-white-page?_=1387659347561

See post #13

.. If not then it's the other variant where the hacker edits your master style replacing all templates with the same identical code which is rather bothersome as you can imagine :p.

I would like to thank Max Taxable for helping me with this issue, thank you very very much! :)

I would like to thank Max Taxable for helping me with this issue, thank you very very much! :)I did some PM networking and little else. The party responsible for the actual help is a really good egg.