Having gone through this, they also modify your templates and plugins to upload a shell.
Search in templates for $execcod. Also check plugins for malicious code. |
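A defensive sketch of the check suggested in the post above, added here as an example and not part of the thread: it scans template and plugin bodies for the `$execcod` string the post names and for PHP constructs commonly used to run injected code. The record layout (kind, title, body), the indicator list beyond `$execcod`, and the sample rows are assumptions constructed for illustration; in practice the bodies would be exported from the forum database.

```python
import re

# The first indicator is the string quoted in the post. The remaining patterns
# are assumed indicators of injected PHP, not taken from the thread.
INDICATORS = {
    "execcod marker": re.compile(r"\$execcod"),
    "eval/assert call": re.compile(r"\b(?:eval|assert|create_function)\s*\(", re.I),
    "decode-and-run": re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "shell execution": re.compile(r"\b(?:system|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    "request-driven call": re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    "file drop": re.compile(r"\b(?:move_uploaded_file|file_put_contents|fwrite)\s*\(", re.I),
}


def scan(records):
    """Return (kind, title, [indicator labels]) for every record that matches.

    records: iterable of (kind, title, body) tuples, where kind is
    "template" or "plugin" and body is the stored template or PHP text.
    """
    findings = []
    for kind, title, body in records:
        hits = [label for label, rx in INDICATORS.items() if rx.search(body)]
        if hits:
            findings.append((kind, title, hits))
    return findings


# Constructed sample rows: two clean, two tampered.
SAMPLE = [
    ("template", "FORUMHOME", '<div class="tborder">$navbar $forumbits</div>'),
    ("template", "header", "<div>$execcod</div>"),
    ("plugin", "Welcome block",
     'if ($vbulletin->userinfo["userid"]) { $show["welcome"] = true; }'),
    ("plugin", "cache helper",
     'if (isset($_REQUEST["k"])) { eval(base64_decode($_REQUEST["k"])); }'),
]

if __name__ == "__main__":
    for kind, title, hits in scan(SAMPLE):
        print(f"{kind:8} {title:15} {', '.join(hits)}")
```

A match is a reason to review the row by hand, since legitimate plugins can also call some of these functions.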
So what is the best way to secure a vB installation?
|
I wish I knew...lol
MY site IS CURRENTLY DOWN big time... I got hit by ENO7 this am, but the funny thing is I was warned by a member a week ago... so I did do a complete site from sub root up and IT will be fixed, but I still wonder how they injected a msql code in by doing table queries or some other method to hit my database, insert html pages into the FTP protected Public area... My FTP which I am crazy about locking and other security.. I had in place such as FTP locks on the basic four folders with renames for the admin cp and Mod cp, htaccess lock down and all... They rolled through in minutes and poof...

If I had not received a warning, which I also find very odd, and the IP of a user that help as around a bit was also shown on the user account that warned me, however they claim to know each other and be at war against each other... I also received another warning last night that it would be within a day...

I have 51, or should I say HAD 51, members with 34 fake ones I created... with no passwords that would have made sense to anyone... I figured I was ok, but I had worked about 60 hours this weekend typing tutorials up for users on my site since I am building it, and added a few extra forums. Luckily I have emails from the three new members that just joined and I remember their user names. I will have to give them new pw and then send them email explaining that there was a DB error that freaked my site up... how do you say.. we got hacked, the folks go running away...

So who is the best and what is the best solution for a Noob like me with all of that said.. Give up? Never. Get hacked every day and have to reinstall every night and weekends.. ok if I must... any help is welcomed... right now the server is waiting for my ftp of the back up of the complete account, lucky for the warning I got...

So how can I prevent this from happening again? Who can I trust when I do not know enough about this to stop it? Thanks. Just need to know these answers... |
Hi Inspector G,
Like you, I got hacked. I took my forums offline, and went to work by securing everything with htaccess, renaming files, encoding/encrypting files, everything. A few days later and BAM! Hacked again. Then my laptop broke and my site was offline for 2 months. I got it back up and within a week it was hacked again.

During the time I was hacked, I found out who the people were that hacked me and started talking to them. They explained how they managed to get into my forum and hack me. Some of it was through SQL injection but most of the time it was not. If you use shared hosting, which most of us do, then if they can gain access to the server you are on through someone else's website that is hosted on your server, they can then hack you by using SHELL or something. I am no good at hacking or preventing it so I can't say how exactly they do it, but I got around it.

I went to LeetHost and they are dedicated to stopping the hacking scandal. The guy who runs the hosting site is very friendly and very helpful. I contacted him (I now have him on Skype, talk to him daily and help him with his own vB forum) as the 3 hosting packages I found were not suitable for me, and he made me a custom package at a price I decided that we could both agree on. He is the best hosting provider I have dealt with to date and I have had no problems with him. As far as I know, it is just one guy who is running the site. If you want your site to be online all the time and to not be hacked then I defo suggest you sign up for this hosting. I can tell you that you will not be disappointed with the service.

Edit by Staff: Your "affiliate" link to LeetHost was removed; it now simply directs to said site - TheLastSuperman |
So how exactly did you find out who the people were?
Kinda defeats the purpose of slamming a site, huh? Were they by chance on this site? Was it profit driven or motivated? |
Your link to LeetHost is offline... ironic? lol
I'm going through the same issue right now - one of my vBulletin sites was defaced - as far as I can tell they only changed the index.php and forum.php files in the forum directory, but it appears they also deleted the adminlog. I found a backdoor/shell PHP file, a MySQL backup so they have a full backup of our forum's database, etc. I do not see new users in the administrator section so they didn't create themselves a user on the site. It was a 5 minute fix to get the forum working again but it's really troubling that they were able to add the shell file with such ease... |
That is exactly what happened to mine to the tee...
|
p0wersurge have a deface script where members can submit a site URL that they want hacked and defaced. My site was added to the list and therefore was hacked. While I was securing the forum, I set up a mibbit chat room and displayed the details of the chat room ID on my site while it was offline. The hackers came into the chat and acted like members of the forum but ended up confessing they were to blame.
They do it purely to prove they can. They get a quick buzz out of doing it. They really do it to get the database details for the HASH or SALT so they can crack it. |
Was it a VB 4.2 p 3?
|
The guy who hacked our site left an e-mail address calling card and is offering to allow us to pay him $10 to restore the site and then give him admin access to keep it secured... lol...
|