Looking at a site after it's been hacked doesn't do us any good.

We would still need that list of what add-ons & hacks are on the site(s) to give any ideas on where the problem might be.

The 'garbage' was entered right around where the CSS link is normally - you may want to check the permissions in the clientscript folder). If you are going to troubleshoot it, you need to know what the templates *used* to look like, and what they currently look like. You also need to figure out exactly what the hackers had access to. You really haven't given much information at all for anybody to try to figure it out. I can tell that your friend has quite a few hacks because the source code on that page is not standard vb. He might want to go read the threads for all of them and see if this hacking comes up in any of them and also make sure that he is using the latest version of all those hacks because sometimes they are upgraded because of security issues that were found.

All right, here's all of the mods he has installed (so far)

vB Gallery
vB Blog
User Pages by Amy
Awards Showcase
vB Plaza (He don't use it but he has it installed on his site still)
vB BB Video Codeing (I forgot the name but I know it's a very big, big as in popular, addon)

Yea I know, he don't add many addons.






Lynne - Thank you very much for posting that information. I am right on it hoping to make sure that that resolves the problem!

Make sure that the site has either been upgraded to vBGallery 2.4.x or the security patches have been applied for the older versions. Within the past month a security exploit was found (see the PhotoPost.com support forums for details).

From Your Friends Site.......

T0uch3d l3y Bright D@Rk

Y0ur S1r Bright D@Rk
Where is The Security Dude?
It Seems Your Security doomed to Failure
Plz Dude Don't Talking Again About
Or Never Talking About
is
only 4 Elite People and U R not of Them
is Not
For Lamerz
Script Kids!!
So Plz Go Away and look for Such Useful
thing 2 Do
G00D LUCK And Make Sure You Make The
Security
The Highest Next Time
h4ck3r
CoM
Special Greetz : Dr.Hacker -
AsbMay - nO4HarD -
Mohandko - Sp1der NeT
eGyptGhosT - Lecopra - Dr.Dermann- rED Wolf - rED
Casper - Black Cod3 - Dr.Dell - CiTy Hack - Hack4Life
Cyber Terrorist
Mohajer
22 - Alk()Mand()z Hacker - BoOoDy - ToOoFa - MaStErZmInD - GoDa HaCKeR  - Mr.Max -
nOur IcE
Special
Greetz 4 H4ck 3Gy

Yes, he always keeps his mods updated. It even says here 2.4.1.

Yea, that's the hack note.

It says where? Going to that link doesn't show a working forum.

Besides updating the software version, also ask him if he scanned his gallery files for any files that may have been uploaded prior to him upgrading to the current version. If a exploit file was uploaded prior to the version being upgraded and if that file was left out on his server then even though he may have upgraded the software his site is still open to being exploited.

Yea, he said he scanned the files and he said that he just did it now. This is leaveing me clueless.

--------------- Added [DATE]1203387371[/DATE] at [TIME]1203387371[/TIME] ---------------

All right, I checked myself and it's not that client thing you were talking about lynee.