vb.org Archive
Page 2 of 5 1 2 34 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Got hacked. What now? (https://vborg.vbsupport.ru/showthread.php?t=193796)

Quarterbore 10-16-2008 08:08 PM
1 Attachment(s)
I am an idiot...

Just upload the attached file to your server. you will need to change the extension to .php (the file is safe). See if you can run it or if that is redirected somewhere.

Berethorn 10-16-2008 08:11 PM
Quote:
Originally Posted by Quarterbore (Post 1646600)
A reminder to everyone that this really is easy to prevent!!!

Tutorial: Using the CRON tab to do daily backups and long term MYSQL archives
Thanks, and no thanks. :p

No, seriously, I didn't know about automatic backups. That's a great tip!



I disabled plugins as you said, and no change, so at least that's narrowed out.

Quarterbore 10-16-2008 08:16 PM
try uploading that file and see if you still have the problem. If so, then it is not a vbulletin or database issue. You may need to rename it forumdisplay.php to me sure as well.

Berethorn 10-16-2008 08:35 PM
It shows up fine - "I hate hackers" - and I agree with it. ;)

But afterwards I realized I'd already edited my index.php.

http://www.landofrohan.com/forum/index.php?

Quarterbore 10-16-2008 08:37 PM
OK, so you uploaded that file to "forumdisplay.php" and it didn't redirect?

This is important as that confirms this is not some server trick!

----------------------------------

The next thing I would do is make a new database and reinstall the forum software to the new database WITHOUT changing your existing site! You can create a new directory as the new copy can be anywhere as you really just need the database. You will need to install the same version you are running now so if you are running 3.6.11 don't install a 3.7.x or you will get errors.

Once it is installed and running, then go to the config file of the hacked forums and change the config file to have it look at the NEW database.

If you don't get this problem, then the issue is certainly in your database!

Berethorn 10-16-2008 08:46 PM
Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... i have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh? :)

puertoblack2003 10-16-2008 08:51 PM
Quote:
Originally Posted by Berethorn (Post 1646643)
Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... i have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh? :)
in db start from the last and work your way back..its easier that way. which i've done just my .2 :)

Quarterbore 10-16-2008 08:56 PM
Quote:
Originally Posted by Berethorn (Post 1646643)
Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... i have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh? :)
You said you have a backup from January, restore that to a new database and change your config file to point to the new database and see if you are still redirected. If you are, then the problem is not the database but something they slipped into a file somewhere.

snakes1100 10-16-2008 09:21 PM
There is no need to use a backup, this is a database driven hack, you need to start searching for phrases he has on that page in your DB, use phpmyadmin, thats fixable, after you find it all, start upgrading your forums & plugins.

Lynne 10-16-2008 09:24 PM
I just wanted to add..... he got onto your site somehow and he will do so again unless to 'fix' the hole in your security. You may need to be talking to your host to help figure out how he got in.


All times are GMT. The time now is 02:15 PM.
Page 2 of 5 1 2 34 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01064 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete