Recipe of Disaster - (Hacked)- need help


Jaffery
09-22-2015, 05:51 PM
Guys,

I have been busy with some stuff for quite a while, so I was not able to keep a proper eye on my vBulletin forum. In short, I was not following development and what's going on in the vB world. I am already paying the price for that..

Though I had kept my forum updated to the latest release.. the last was 4.2.2, but I was so busy with other stuff that until now I didn't know that "VBSEO" was discontinued in 2013.. and had a very serious issue with it.

Also, I knew that 4.2.3 is out and was planning to upgrade soon, however today I got a notification from Google that my forum might have been hacked. So essentially, it was hacked a day ago and the hacker installed Wordpress blogs on it.. and apparently for link building.

Again, today itself I realized that back in 2014 (with 4.2.2), vBulletin was seriously affected by a 0day vulnerability which allows full access to the server..

So, it's been a recipe of disaster..
1. compromised vbseo
2. compromised vbulletin version.

Now I am not sure what strategy to follow to fix the issue.. I could have simply cleaned everything and started over with only the database, however, it appears that I need to get rid of vbseo also, but I am seriously concerned about the re-written URL structure.. how I am gonna compensate for it.

Worst is that it happened at a time when I am passing through a very critical and overly-occupied phase of my life.. ..

I have been reading some posts and guides about vBulletin hack recovery but friends.. I need expert advice on what will be the best strategy for me without losing traffic..

I had really spent tonnes of hours customizing this vBulletin (with my limited vb knowledge) and don't want to lose that..

And to add to it, I just found that my backup system had some issue and was not backing up files for the last 2 months.. though I have the last 7 days of database backups.

TheLastSuperman
09-22-2015, 06:26 PM
- If you have database backups from the last seven days then you *should* be fine, if the hacker did not compromise the forum until just recently i.e. before the backup was made.
- If the hacker compromised the site via SQL Injection or similar and modified the database then you will be restoring a hacked site basically. You still need to test and confirm that by uploading the backup into a new database and then in config.php simply point it to the new database name, database username + password then BAM it connects and you can check that way.
- The only issue I see here IF the database backups were not compromised would be IF you stored attachments and such in the filesystem (meaning it saves in folders on your server not in the database despite some misc references there so it knows where to snag the attachments from etc) because if the hacker modified your attachments and you only have backups of that folder from two months ago then oye... might be missing a few attachments but usually hackers don't bother with those (still check the datestamps on the attachments for any edits to files).
- Remove vBSEO and change your site to use Mod Rewrite Friendly URLs.

So what you need to do is make a current backup of the site whether it's hacked or not; it's a vital time in this restore process, so don't be afraid to make as many backups as you need to, as you go - follow? Meaning that once you find something and remove it, make an immediate backup BUT continue working on the same database you're trying to fix, then if you happen to run the wrong query or make a mistake and delete something you can restore the last backup you made and resume instead of going back to square one!

References:
http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked
http://www.vbulletin.com/forum/blogs/michael-miller/3934768-recovering-a-hacked-vbulletin-site
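
The datestamp check on filesystem attachments suggested in the post above, as an added example that is not part of the thread or written by any poster. The function name, the cutoff date and the sample file names are assumptions made for illustration; the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile
from datetime import datetime, timezone

PHP_MARKERS = (b"<?php", b"<?=")  # server-side code has no place in an upload store

def triage_attachments(root, last_good_backup):
    """List files changed after the last trusted backup or carrying PHP tags.

    mtime can be reset by whoever wrote the file, so the content check runs on
    every file, not only on the recently modified ones.
    """
    cutoff = last_good_backup.timestamp()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            reasons = []
            if st.st_mtime > cutoff:
                reasons.append("modified-after-backup")
            if not stat.S_ISREG(st.st_mode):
                reasons.append("not-a-regular-file")
            else:
                with open(path, "rb") as fh:
                    head = fh.read(4096).lower()
                if any(marker in head for marker in PHP_MARKERS):
                    reasons.append("php-content")
            if reasons:
                when = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                findings.append((os.path.relpath(path, root), when, reasons))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Run the triage over a constructed tree (file names and dates are made up)."""
    cutoff = datetime(2015, 7, 22, tzinfo=timezone.utc)  # assumed last good file backup
    old = datetime(2015, 3, 1, tzinfo=timezone.utc).timestamp()
    new = datetime(2015, 9, 21, tzinfo=timezone.utc).timestamp()
    samples = {"10.attach": (b"\x89PNG\r\n", old),        # untouched upload
               "11.attach": (b"%PDF-1.4\n", new),         # edited after the backup
               "12.attach": (b"<?php /* sample */", old)}  # old mtime, PHP inside
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mtime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        return [(rel, reasons) for rel, _when, reasons in triage_attachments(root, cutoff)]
```

Files flagged only for a late mtime may be legitimate uploads made after the backup; comparing their hashes against the older file backup separates new uploads from edited ones.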

Jaffery
09-22-2015, 06:50 PM
Since I am still investigating, I shockingly found out that it was first hacked on May 23 this year. Apparently hackers don't want anything from my forum other than using it for SEO, i.e. creating their own pages with links to other sites.

Well.. currently I am looking for more clues how they got it in but since .. but my knowledge of regex is all botched up as not used for years..

So.. apparently If I really want my forum clean, ditch up everything and start afresh with DB and that too by properly examining it..

So I lose all URL value, traffic.. and my forum is botched up.. ?

Dave
09-22-2015, 06:51 PM
And in case you are really bound to vBSEO, you can find someone to manually patch the vulnerabilities in it so you don't have to create and apply the rewrite rules. I would move to a different SEO plugin that has support though, but it's up to you.

Jaffery
09-23-2015, 06:50 AM
Well, I am strictly against using any external SEO plugin anymore. I read that people had doubled traffic after installing 3rd party plugins like dbseo, however, not only with vbseo, I have seen the same cases with a few others also, so no more third party SEO thing. I will rather use inbuilt SEO or will go for manual optimization of stuff.
The way vb is coming, I am in view to ditch vb itself..

cellarius
09-23-2015, 06:51 AM
This may be of some interest to you:
https://vborg.vbsupport.ru/showthread.php?t=316898

Jaffery
09-23-2015, 01:27 PM
This may be of some interest to you:
https://vborg.vbsupport.ru/showthread.php?t=316898

I have been there already. :up:

bremereric
09-26-2015, 02:04 PM
I pain for you. I stayed at 4.1.3 for the longest time because I wanted all my installed hacks to stay in place and work. After being hacked 2 times and able to roll back to good backups and then having spam injected on my server I decided to upgrade to 4.2.3. I did so and right after that my site was shut down due to spamming private messaging, or that's what the hosting company said. Right now I moved over to another hosting site and I am thinking of starting all over too. What a pain it is to run a forum.