My Site Got Hacked Today (https://vborg.vbsupport.ru/showthread.php?t=285763)

Harpo 03-12-2013 09:18 AM

Hi OP. Sorry about your website. I hope you do well in life.

loua_oz 04-02-2013 01:03 PM

My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops and people running their sites by free software, not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.

Brandon Sheley 04-02-2013 03:13 PM

Quote:

Originally Posted by loua_oz (Post 2413850)
My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops and people running their sites by free software, not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.

You should really start your own thread if you're asking for support.

Any website can get hacked, even free ones. :up:

loua_oz 04-03-2013 01:01 AM

I am not asking for support.
Restored (still in process) from backups but with nothing changed nor improved, the hackers can walk in at any time again.

Simon Lloyd 04-03-2013 04:25 AM

Quote:

Originally Posted by loua_oz (Post 2413850)
...............the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?......

They do, if your site was readable then all you had to do was upload tools.php, repair your access and you're back in!

If you have all the latest patches, no extra add-ons...etc and it's a bog standard forum then it's either a very insecure admin password that's been discovered or they've accessed your server by poor ftp password, insecure folder permissions or if you're on a shared server via some other vulnerability on the server maybe via another user.

loua_oz 04-03-2013 07:20 AM

Thanks, I did not know that (that tools.php) can be used to do a snapshot. Never actually seen what it looks like, never started it, just removed from the site.

It is a shared server. The password, although not easy, could have been cracked by some automated procedure.
Changed them all today, for site, for ftp, for hosting control panel.

The site is up and running now, fully restored. What they did this morning was to insert some malware. Several members who know my private email address reported that their computers are warning them about malware (the hackers placed it in index.php, even the word "Russia" was readable among other things).

Simon Lloyd 04-03-2013 07:36 PM

tools.php doesn't do a snapshot, if you're locked out for whatever reason, database issues...etc then you upload tools.php and you can gain access, you wouldn't have had to do a restore from backup. It appears your backup has the malicious code already injected.

Download your entire directory and scan it on your pc at the very least.

DragonByte Tech 04-04-2013 12:38 AM

Bear in mind it's possible the server itself was compromised - if another site on the server was hacked, symlink means all sites on the server are now vulnerable.

loua_oz 04-04-2013 03:28 AM

Backup does not have the infected file - it was a newly created index.php which is 5Kb, the original one is 1.99Kb. Not knowing what else could be infected, restored the whole lot.
While the site had the contaminated file, Google bots found it and inserted my site into "known malware distributors", warning people not to enter.
Now I am getting it removed from there.

Lionel 04-04-2013 03:50 AM

I had a customer with a similar problem. The malware came in via WordPress.

DivisionByZero 04-04-2013 06:18 AM

For those who use a VPS or better, ASL (www.atomicorp.com) is an easy, all-encompassing solution for malware. It's like $30 a month but well worth it.

TheLastSuperman 04-05-2013 01:38 AM

loua I hope your site is doing well let us know :D.

loua_oz 04-06-2013 12:56 AM

The site is back 1 day after the hack. The database was not touched.
Backup restored.
Passwords changed.

Extra work was to get removed from Google's "Known malware distributor" list that Chrome users receive when accessing the site.

Used Google Webmaster Tools to request another inspection (done in minutes) and analysis. Took a few hours for their response, the site was found clean and got removed from the list.

DivisionByZero 04-06-2013 01:01 AM

Glad to hear it. Can't stress it enough though.... backups backups backups! At LEAST one per day. If not of the files, but just a database dump. You can do this as a cron job if your host supports it.

CoZmicShReddeR 04-13-2013 11:46 PM

I been wondering what ever happened to Gemma... I got wiped about 6 years ago and they wiped everything... I got the IP from the Apache logs found out there was a well-known exploit in Amxbans that even the current coders knew about but never posted anywhere to people it was there! I took the IP found it was linked to a dedicated Counterstrike server in Ukraine same guy had been pulling this off all over the place!

I sent the information to their Internet Crimes division and they went off line but then a few months later they were back up!

I guess it's all my fault I loaded a script with a vulnerability in it but the coders should have made sure everything knew it was bad and not just sit on it trying to fix it!

I feel for Gemma and I was truly upset lost a ton of flash animations I made and didn't have any backups as I had issues lost a hard drive at the same time which really depressed me but that's when I moved over to vBulletin and never looked back....

I now keep back ups of the database and all my files...

Gemma 04-15-2013 06:25 PM

Quote:

Originally Posted by CoZmicShReddeR (Post 2416232)
I been wondering what ever happened to Gemma...

Oh, I built a new bigger, better and 'sexier' site a little while after getting hacked but I've now stopped building/running sites altogether and I'm rarely online at all. I do however still pop on here and xenforo occasionally answering a few posts related to either my own mods or v3 Arcade and still help with some admin stuff on a site for someone.

Thought it was about time to have a life away from forums for a while. I may return one day though :)

setishock 04-18-2013 02:57 PM

I look forward to that day m'lady.

05-04-2013 05:10 AM

Oh..that's so sad :( and good luck with your surgery. Hope you get better soon. ambrose catalogue

tbworld 05-04-2013 05:32 AM

Quote:

Originally Posted by Gemma (Post 2416553)
Thought it was about time to have a life away from forums for a while. I may return one day though :)

I can appreciate you wanting a life, but we have missed you around here!

Take care of yourself :)

